[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: gnu: libvpx: Add upstream security fix.
|
From: |
Mark H. Weaver |
|
Subject: |
01/02: gnu: libvpx: Add upstream security fix. |
|
Date: |
Fri, 21 Sep 2018 07:21:51 -0400 (EDT) |
mhw pushed a commit to branch master
in repository guix.
commit c5327efb97208df569b4682ef5bfe4ac825d1c4f
Author: Mark H Weaver <address@hidden>
Date: Fri Sep 21 04:34:10 2018 -0400
gnu: libvpx: Add upstream security fix.
* gnu/packages/patches/libvpx-use-after-free-in-postproc.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/video.scm (libvpx)[source]: Add patch.
---
gnu/local.mk | 1 +
.../libvpx-use-after-free-in-postproc.patch | 34 ++++++++++++++++++++++
gnu/packages/video.scm | 3 +-
3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 4bca986..9c69fd4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -916,6 +916,7 @@ dist_patch_DATA =
\
%D%/packages/patches/libutils-remove-damaging-includes.patch \
%D%/packages/patches/libvdpau-va-gl-unbundle.patch \
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
+ %D%/packages/patches/libvpx-use-after-free-in-postproc.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
%D%/packages/patches/libxt-guix-search-paths.patch \
%D%/packages/patches/lierolibre-check-unaligned-access.patch \
diff --git a/gnu/packages/patches/libvpx-use-after-free-in-postproc.patch
b/gnu/packages/patches/libvpx-use-after-free-in-postproc.patch
new file mode 100644
index 0000000..04f2a95
--- /dev/null
+++ b/gnu/packages/patches/libvpx-use-after-free-in-postproc.patch
@@ -0,0 +1,34 @@
+From 52add5896661d186dec284ed646a4b33b607d2c7 Mon Sep 17 00:00:00 2001
+From: Jerome Jiang <address@hidden>
+Date: Wed, 23 May 2018 15:43:00 -0700
+Subject: [PATCH] VP8: Fix use-after-free in postproc.
+
+The pointer in vp8 postproc refers to show_frame_mi which is only
+updated on show frame. However, when there is a no-show frame which also
+changes the size (thus new frame buffers allocated), show_frame_mi is
+not updated with new frame buffer memory.
+
+Change the pointer in postproc to mi which is always updated.
+
+Bug: 842265
+Change-Id: I33874f2112b39f74562cba528432b5f239e6a7bd
+---
+ vp8/common/postproc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/vp8/common/postproc.c b/vp8/common/postproc.c
+index d67ee8a57..8c292d616 100644
+--- a/vp8/common/postproc.c
++++ b/vp8/common/postproc.c
+@@ -65,7 +65,7 @@ void vp8_deblock(VP8_COMMON *cm, YV12_BUFFER_CONFIG *source,
+ double level = 6.0e-05 * q * q * q - .0067 * q * q + .306 * q + .0065;
+ int ppl = (int)(level + .5);
+
+- const MODE_INFO *mode_info_context = cm->show_frame_mi;
++ const MODE_INFO *mode_info_context = cm->mi;
+ int mbr, mbc;
+
+ /* The pixel thresholds are adjusted according to if or not the macroblock
+--
+2.19.0
+
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 4882f04..448773e 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1242,7 +1242,8 @@ access to mpv's powerful playback capabilities.")
(sha256
(base32
"0vvh89hvp8qg9an9vcmwb7d9k3nixhxaz6zi65qdjnd0i56kkcz6"))
- (patches (search-patches "libvpx-CVE-2016-2818.patch"))))
+ (patches (search-patches
"libvpx-use-after-free-in-postproc.patch"
+ "libvpx-CVE-2016-2818.patch"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags (list "--enable-shared"