guix/gnu/packages/patches/icecat-CVE-2016-2814.patch
Mark H Weaver dde2a94c09 gnu: icecat: Add fixes for CVE-2016-{2805,2807,2808,2814} etc.
* gnu/packages/patches/icecat-CVE-2016-2805.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt1.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt2.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt3.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch,
gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch,
gnu/packages/patches/icecat-CVE-2016-2808.patch,
gnu/packages/patches/icecat-CVE-2016-2814.patch,
gnu/packages/patches/icecat-update-bundled-graphite2: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.

icecat fixup
2016-04-28 10:25:19 -04:00

35 lines
1.5 KiB
Diff

# HG changeset patch
# User Jean-Yves Avenard <jyavenard@mozilla.com>
# Date 1460655260 25200
# Node ID a13c0bc84d6eb132f4199f563fbe228d2d3b3a51
# Parent 88f1eb2c3f4b4b57365ed88223cf8adc2bec4610
Bug 1254721: Ensure consistency between Cenc offsets and sizes table. r=gerald a=sylvestre
MozReview-Commit-ID: E1KbKIIBR87
diff --git a/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp b/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
--- a/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
+++ b/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
@@ -612,18 +612,18 @@ status_t
SampleTable::parseSampleCencInfo() {
if ((!mCencDefaultSize && !mCencInfoCount) || mCencOffsets.isEmpty()) {
// We don't have all the cenc information we need yet. Quietly fail and
// hope we get the data we need later in the track header.
ALOGV("Got half of cenc saio/saiz pair. Deferring parse until we get the other half.");
return OK;
}
- if (!mCencSizes.isEmpty() && mCencOffsets.size() > 1 &&
- mCencSizes.size() != mCencOffsets.size()) {
+ if ((mCencOffsets.size() > 1 && mCencOffsets.size() < mCencInfoCount) ||
+ (!mCencDefaultSize && mCencSizes.size() < mCencInfoCount)) {
return ERROR_MALFORMED;
}
if (mCencInfoCount > kMAX_ALLOCATION / sizeof(SampleCencInfo)) {
// Avoid future OOM.
return ERROR_MALFORMED;
}