Sophie: mplayer-1.0-1.rc4.0.r32713.5.3.mga1 src

mplayer-1.0-1.rc4.0.r32713.5.3.mga1.src.rpm

Info
Deps
Files
Scripts
ChangeLog
Location
Others versions
Analyse

Description: fix denial of service and possible code execution via
 crafted VC1 file
Origin: upstream, http://git.videolan.org/?p=ffmpeg.git;a=commit;h=cf69619141a5742c4e4156177335d553c5bab7b6
Bug: https://roundup.ffmpeg.org/issue2584
Bug: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/690169

diff -Nur ffmpeg-0.6/libavcodec/vc1dec.c ffmpeg-0.6.new/libavcodec/vc1dec.c
--- ffmpeg-0.6/libavcodec/vc1dec.c	2010-04-20 10:45:34.000000000 -0400
+++ ffmpeg-0.6.new/libavcodec/vc1dec.c	2011-03-31 10:37:57.082468364 -0400
@@ -1365,7 +1365,7 @@
     if (index != vc1_ac_sizes[codingset] - 1) {
         run = vc1_index_decode_table[codingset][index][0];
         level = vc1_index_decode_table[codingset][index][1];
-        lst = index >= vc1_last_decode_table[codingset];
+        lst = index >= vc1_last_decode_table[codingset] || get_bits_left(gb) < 0;
         if(get_bits1(gb))
             level = -level;
     } else {