mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-15 11:25:22 -05:00
dde2a94c09
* gnu/packages/patches/icecat-CVE-2016-2805.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt1.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt2.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt3.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch, gnu/packages/patches/icecat-CVE-2016-2808.patch, gnu/packages/patches/icecat-CVE-2016-2814.patch, gnu/packages/patches/icecat-update-bundled-graphite2: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. icecat fixup
35 lines
1.5 KiB
Diff
35 lines
1.5 KiB
Diff
|
|
# HG changeset patch
|
|
# User Jean-Yves Avenard <jyavenard@mozilla.com>
|
|
# Date 1460655260 25200
|
|
# Node ID a13c0bc84d6eb132f4199f563fbe228d2d3b3a51
|
|
# Parent 88f1eb2c3f4b4b57365ed88223cf8adc2bec4610
|
|
Bug 1254721: Ensure consistency between Cenc offsets and sizes table. r=gerald a=sylvestre
|
|
|
|
MozReview-Commit-ID: E1KbKIIBR87
|
|
|
|
diff --git a/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp b/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
|
|
--- a/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
|
|
+++ b/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
|
|
@@ -612,18 +612,18 @@ status_t
|
|
SampleTable::parseSampleCencInfo() {
|
|
if ((!mCencDefaultSize && !mCencInfoCount) || mCencOffsets.isEmpty()) {
|
|
// We don't have all the cenc information we need yet. Quietly fail and
|
|
// hope we get the data we need later in the track header.
|
|
ALOGV("Got half of cenc saio/saiz pair. Deferring parse until we get the other half.");
|
|
return OK;
|
|
}
|
|
|
|
- if (!mCencSizes.isEmpty() && mCencOffsets.size() > 1 &&
|
|
- mCencSizes.size() != mCencOffsets.size()) {
|
|
+ if ((mCencOffsets.size() > 1 && mCencOffsets.size() < mCencInfoCount) ||
|
|
+ (!mCencDefaultSize && mCencSizes.size() < mCencInfoCount)) {
|
|
return ERROR_MALFORMED;
|
|
}
|
|
|
|
if (mCencInfoCount > kMAX_ALLOCATION / sizeof(SampleCencInfo)) {
|
|
// Avoid future OOM.
|
|
return ERROR_MALFORMED;
|
|
}
|
|
|
|
|