File libquicktime-1.2.4-multiple_vulnerabilities.patch of Package libquicktime.5059

Overview Repositories Revisions Requests Users Attributes Meta

File libquicktime-1.2.4-multiple_vulnerabilities.patch of Package libquicktime.5059

Index: libquicktime-1.2.4/src/atom.c
===================================================================
--- libquicktime-1.2.4.orig/src/atom.c
+++ libquicktime-1.2.4/src/atom.c
@@ -131,6 +131,9 @@ int quicktime_atom_read_header(quicktime
 			atom->size = read_size64(header);
 			atom->end = atom->start + atom->size;
 		}
+/* Avoid broken files */
+	if(atom->end > file->total_length)
+	  result = 1;
 	}
 
 
Index: libquicktime-1.2.4/src/lqt_quicktime.c
===================================================================
--- libquicktime-1.2.4.orig/src/lqt_quicktime.c
+++ libquicktime-1.2.4/src/lqt_quicktime.c
@@ -1788,8 +1788,8 @@ int quicktime_read_info(quicktime_t *fil
                 quicktime_set_position(file, start_position);
                 free(temp);
 
-                quicktime_read_moov(file, &file->moov, &leaf_atom);
-                got_header = 1;
+                if(!quicktime_read_moov(file, &file->moov, &leaf_atom))
+                  got_header = 1;
                 }
               else
                 quicktime_atom_skip(file, &leaf_atom);
Index: libquicktime-1.2.4/src/moov.c
===================================================================
--- libquicktime-1.2.4.orig/src/moov.c
+++ libquicktime-1.2.4/src/moov.c
@@ -218,7 +218,8 @@ int quicktime_read_moov(quicktime_t *fil
 		if(quicktime_atom_is(&leaf_atom, "trak"))
 		{
 			quicktime_trak_t *trak = quicktime_add_trak(file);
-			quicktime_read_trak(file, trak, &leaf_atom);
+			if(quicktime_read_trak(file, trak, &leaf_atom))
+                          return 1;
 		}
 		else
 		if(quicktime_atom_is(&leaf_atom, "udta"))
Index: libquicktime-1.2.4/src/trak.c
===================================================================
--- libquicktime-1.2.4.orig/src/trak.c
+++ libquicktime-1.2.4/src/trak.c
@@ -269,6 +269,14 @@ int quicktime_read_trak(quicktime_t *fil
     else quicktime_atom_skip(file, &leaf_atom);
     } while(quicktime_position(file) < trak_atom->end);
 
+  /* Do some sanity checks to prevent later crashes */
+  if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)
+    {
+    if(!trak->mdia.minf.stbl.stsc.table ||
+       !trak->mdia.minf.stbl.stco.table)
+      return 1;
+    }
+
 #if 1 
   if(trak->mdia.minf.is_video &&
      quicktime_match_32(trak->mdia.minf.stbl.stsd.table[0].format, "drac"))

Places

File libquicktime-1.2.4-multiple_vulnerabilities.patch of Package libquicktime.5059

Places