guix/gnu/packages/patches/icecat-CVE-2016-2814.patch


# HG changeset patch
# User Jean-Yves Avenard <jyavenard@mozilla.com>
# Date 1460655260 25200
# Node ID a13c0bc84d6eb132f4199f563fbe228d2d3b3a51
# Parent  88f1eb2c3f4b4b57365ed88223cf8adc2bec4610
Bug 1254721: Ensure consistency between Cenc offsets and sizes table. r=gerald a=sylvestre

MozReview-Commit-ID: E1KbKIIBR87

diff --git a/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp b/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
--- a/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
+++ b/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp
@@ -612,18 +612,18 @@ status_t
 SampleTable::parseSampleCencInfo() {
     if ((!mCencDefaultSize && !mCencInfoCount) || mCencOffsets.isEmpty()) {
         // We don't have all the cenc information we need yet. Quietly fail and
         // hope we get the data we need later in the track header.
         ALOGV("Got half of cenc saio/saiz pair. Deferring parse until we get the other half.");
         return OK;
     }
 
-    if (!mCencSizes.isEmpty() && mCencOffsets.size() > 1 &&
-        mCencSizes.size() != mCencOffsets.size()) {
+    if ((mCencOffsets.size() > 1 && mCencOffsets.size() < mCencInfoCount) ||
+        (!mCencDefaultSize && mCencSizes.size() < mCencInfoCount)) {
         return ERROR_MALFORMED;
     }
 
     if (mCencInfoCount > kMAX_ALLOCATION / sizeof(SampleCencInfo)) {
         // Avoid future OOM.
         return ERROR_MALFORMED;
     }
gnu: icecat: Add fixes for CVE-2016-{2805,2807,2808,2814} etc. * gnu/packages/patches/icecat-CVE-2016-2805.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt1.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt2.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt3.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt4.patch, gnu/packages/patches/icecat-CVE-2016-2807-pt5.patch, gnu/packages/patches/icecat-CVE-2016-2808.patch, gnu/packages/patches/icecat-CVE-2016-2814.patch, gnu/packages/patches/icecat-update-bundled-graphite2: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches. icecat fixup 2016-04-28 02:33:02 +00:00
			`# HG changeset patch`
			`# User Jean-Yves Avenard <jyavenard@mozilla.com>`
			`# Date 1460655260 25200`
			`# Node ID a13c0bc84d6eb132f4199f563fbe228d2d3b3a51`
			`# Parent 88f1eb2c3f4b4b57365ed88223cf8adc2bec4610`
			`Bug 1254721: Ensure consistency between Cenc offsets and sizes table. r=gerald a=sylvestre`

			`MozReview-Commit-ID: E1KbKIIBR87`

			`diff --git a/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp b/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp`
			`--- a/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp`
			`+++ b/media/libstagefright/frameworks/av/media/libstagefright/SampleTable.cpp`
			`@@ -612,18 +612,18 @@ status_t`
			`SampleTable::parseSampleCencInfo() {`
			`if ((!mCencDefaultSize && !mCencInfoCount) \|\| mCencOffsets.isEmpty()) {`
			`// We don't have all the cenc information we need yet. Quietly fail and`
			`// hope we get the data we need later in the track header.`
			`ALOGV("Got half of cenc saio/saiz pair. Deferring parse until we get the other half.");`
			`return OK;`
			`}`

			`- if (!mCencSizes.isEmpty() && mCencOffsets.size() > 1 &&`
			`- mCencSizes.size() != mCencOffsets.size()) {`
			`+ if ((mCencOffsets.size() > 1 && mCencOffsets.size() < mCencInfoCount) \|\|`
			`+ (!mCencDefaultSize && mCencSizes.size() < mCencInfoCount)) {`
			`return ERROR_MALFORMED;`
			`}`

			`if (mCencInfoCount > kMAX_ALLOCATION / sizeof(SampleCencInfo)) {`
			`// Avoid future OOM.`
			`return ERROR_MALFORMED;`
			`}`