gnu/packages/patches/libvpx-CVE-2016-2818.patch

   1 Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c
   2
   3   changeset:   312077:7ebfe49f001c
   4   user:        Randell Jesup <rjesup@jesup.org>
   5   Date:        Fri Apr 15 23:11:01 2016 -0400
   6   summary:     Bug 1263384: validate input frames against configured resolution in vp8 r=rillian, a=ritu,lizzard
   7
   8   MozReview-Commit-ID: BxDCnJe0mzs
   9
  10 --- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig        2015-11-09 17:12:38.000000000 -0500
  11 +++ libvpx-1.5.0/vp8/vp8_cx_iface.c     2016-06-08 08:48:46.037213092 -0400
  12 @@ -860,11 +860,20 @@
  13      if (img != NULL) {
  14        res = image2yuvconfig(img, &sd);
  15
  16 -      if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, &sd,
  17 -                                dst_time_stamp, dst_end_time_stamp)) {
  18 -        VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
  19 -        res = update_error_state(ctx, &cpi->common.error);
  20 -      }
  21 +            if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) {
  22 +                /* from vp8_encoder.h for g_w/g_h:
  23 +                   "Note that the frames passed as input to the encoder must have this resolution"
  24 +                */
  25 +                ctx->base.err_detail = "Invalid input frame resolution";
  26 +                res = VPX_CODEC_INVALID_PARAM;
  27 +            } else {
  28 +                if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags,
  29 +                                          &sd, dst_time_stamp, dst_end_time_stamp))
  30 +                {
  31 +                    VP8_COMP *cpi = (VP8_COMP *)ctx->cpi;
  32 +                    res = update_error_state(ctx, &cpi->common.error);
  33 +                }
  34 +            }
  35
  36        /* reset for next frame */
  37        ctx->next_frame_flag = 0;