Date:      Thu, 8 Mar 2018 18:34:26 +0000 (UTC)
From:      Jan Beich <jbeich@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r463910 - in branches/2018Q1/multimedia/libvpx: . files
Message-ID:  <201803081834.w28IYQdv096757@repo.freebsd.org>

Author: jbeich
Date: Thu Mar  8 18:34:26 2018
New Revision: 463910
URL: https://svnweb.freebsd.org/changeset/ports/463910

Log:
  multimedia/libvpx: backport vpx_image fix (direct commit)
  
  Reported by:	Debian
  Obtained from:	upstream (libvpx 1.7.0)
  Approved by:	ports-secteam blanket

Added:
  branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194   (contents, props changed)
Modified:
  branches/2018Q1/multimedia/libvpx/Makefile

Modified: branches/2018Q1/multimedia/libvpx/Makefile
==============================================================================
--- branches/2018Q1/multimedia/libvpx/Makefile	Thu Mar  8 17:21:23 2018	(r463909)
+++ branches/2018Q1/multimedia/libvpx/Makefile	Thu Mar  8 18:34:26 2018	(r463910)
@@ -4,7 +4,7 @@
 PORTNAME=	libvpx
 DISTVERSIONPREFIX=	v
 DISTVERSION=	1.6.1
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	multimedia
 
 PATCH_SITES=	https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/commit/

Added: branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194	Thu Mar  8 18:34:26 2018	(r463910)
@@ -0,0 +1,43 @@
+https://chromium.googlesource.com/webm/libvpx/+/5a40c8fde11b%5E!/
+https://chromium.googlesource.com/webm/libvpx/+/33c598990bc7%5E!/
+
+--- vpx/src/vpx_image.c.orig	2017-01-12 20:27:27 UTC
++++ vpx/src/vpx_image.c
+@@ -88,11 +88,10 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img,
+     default: ycs = 0; break;
+   }
+ 
+-  /* Calculate storage sizes given the chroma subsampling */
+-  align = (1 << xcs) - 1;
+-  w = (d_w + align) & ~align;
+-  align = (1 << ycs) - 1;
+-  h = (d_h + align) & ~align;
++  /* Calculate storage sizes. If the buffer was allocated externally, the width
++   * and height shouldn't be adjusted. */
++  w = d_w;
++  h = d_h;
+   s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
+   s = (s + stride_align - 1) & ~(stride_align - 1);
+   stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+@@ -111,9 +110,18 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img,
+   img->img_data = img_data;
+ 
+   if (!img_data) {
+-    const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR)
+-                                    ? (uint64_t)h * s * bps / 8
+-                                    : (uint64_t)h * s;
++    uint64_t alloc_size;
++    /* Calculate storage sizes given the chroma subsampling */
++    align = (1 << xcs) - 1;
++    w = (d_w + align) & ~align;
++    align = (1 << ycs) - 1;
++    h = (d_h + align) & ~align;
++
++    s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
++    s = (s + stride_align - 1) & ~(stride_align - 1);
++    stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
++    alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8
++                                            : (uint64_t)h * s;
+ 
+     if (alloc_size != (size_t)alloc_size) goto fail;
+ 
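Review bot: The guard `if (alloc_size != (size_t)alloc_size) goto fail;` only catches truncation of the final 64-bit product, while `d_w + align`, `bps * w / 8`, the stride round-up and `s * 2` are all evaluated before the `(uint64_t)` cast is applied. If `w`, `s` and `stride_in_bytes` are 32-bit (their declarations are outside the hunk), an extreme `d_w` could wrap one of them, so a small stride and a small allocation would pass the check while the image still records the large dimensions. I would widen the stride computation, e.g. `uint64_t s64 = (fmt & VPX_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / 8;`, and `goto fail` when the aligned value does not fit the stride's type before narrowing it. The same unwidened expression sits in the first embedded hunk, on the path for caller-supplied buffers, where no allocation check runs at all. Since img_alloc_helper begins and ends outside these hunks and the file is a backport, the change is best raised upstream and carried here as a follow-up patch.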


