diff options
Diffstat (limited to 'media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch')
-rw-r--r-- | media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch b/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch deleted file mode 100644 index 487dc709af39..000000000000 --- a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch +++ /dev/null @@ -1,33 +0,0 @@ -Upstream: https://github.com/sergiomb2/libmp4v2/commit/bb920de948c85e3db4a52292ac7250a50e3bfc86 -Gentoo Bug: https://bugs.gentoo.org/661582 - -From bb920de948c85e3db4a52292ac7250a50e3bfc86 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com> -Date: Sat, 2 Nov 2019 04:19:27 +0000 -Subject: [PATCH] Fix v2 Type confusion in MP4v2 2.0.0 - -The bug is caused by the wrong assumption that the child of an `ilst` -can never be an `ilst`. So we could fix it by simply adding an ASSERT. - -Reference: https://www.openwall.com/lists/oss-security/2018/07/17/1 -Addresses: https://nvd.nist.gov/vuln/detail/CVE-2018-14379 ---- - src/mp4atom.cpp | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/mp4atom.cpp b/src/mp4atom.cpp -index 520cbc8..7a0a53f 100644 ---- a/src/mp4atom.cpp -+++ b/src/mp4atom.cpp -@@ -778,8 +778,10 @@ MP4Atom::factory( MP4File &file, MP4Atom* parent, const char* type ) - const char* const ptype = parent->GetType(); - - if( descendsFrom( parent, "ilst" )) { -- if( ATOMID( ptype ) == ATOMID( "ilst" )) -+ if( ATOMID( ptype ) == ATOMID( "ilst" )) { -+ ASSERT(ATOMID( type ) != ATOMID( "ilst" )); - return new MP4ItemAtom( file, type ); -+ } - - if( ATOMID( type ) == ATOMID( "data" )) - return new MP4DataAtom(file); |