SOURCES: xvid-CVE-2007-3329.patch (NEW) - new

Fri Aug 24 22:29:03 CEST 2007

Author: adamg                        Date: Fri Aug 24 20:29:03 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- new

---- Files affected:
SOURCES:
   xvid-CVE-2007-3329.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/xvid-CVE-2007-3329.patch
diff -u /dev/null SOURCES/xvid-CVE-2007-3329.patch:1.1

--- /dev/null	Fri Aug 24 22:29:03 2007
+++ SOURCES/xvid-CVE-2007-3329.patch	Fri Aug 24 22:28:58 2007
@@ -0,0 +1,68 @@
+--- xvidcore-1.1.2/src/bitstream/mbcoding.c	2007/04/28 16:30:20	1.54
++++ xvidcore-1.1.2/src/bitstream/mbcoding.c	2007/06/27 14:38:05	1.55
+@@ -1091,18 +1091,11 @@
+ 
+ 	do {
+ 		level = get_coeff(bs, &run, &last, 1, 0);
+-		if (run == -1) {
+-			DPRINTF(XVID_DEBUG_ERROR,"fatal: invalid run");
+-			break;
+-		}
+ 		coeff += run;
+-		
+-#ifdef _DEBUG
+-		if(coeff>=64) {
+-		  DPRINTF(XVID_DEBUG_ERROR,"error: overflow in coefficient index\n");
+-		  return;
++		if ((run|coeff)&~63) {
++			DPRINTF(XVID_DEBUG_ERROR,"fatal: invalid run or index");
++			break;
+ 		}
+-#endif
+ 
+ 		block[scan[coeff]] = level;
+ 
+@@ -1139,18 +1132,11 @@
+ 	p = 0;
+ 	do {
+ 		level = get_coeff(bs, &run, &last, 0, 0);
+-		if (run == -1) {
+-			DPRINTF(XVID_DEBUG_ERROR,"fatal: invalid run");
+-			break;
+-		}
+ 		p += run;
+-
+-#ifdef _DEBUG
+-		if(p>=64)	{
+-		  DPRINTF(XVID_DEBUG_ERROR,"error: overflow in coefficient index\n");
+-		  return;
++		if ((p|run)&~63) {
++			DPRINTF(XVID_DEBUG_ERROR,"fatal: invalid run or index");
++			break;
+ 		}
+-#endif
+ 
+ 		if (level < 0) {
+ 			level = level*quant_m_2 - quant_add;
+@@ -1181,18 +1167,11 @@
+ 	p = 0;
+ 	do {
+ 		level = get_coeff(bs, &run, &last, 0, 0);
+-		if (run == -1) {
+-			DPRINTF(XVID_DEBUG_ERROR,"fatal: invalid run");
+-			break;
+-		}
+ 		p += run;
+-
+-#ifdef _DEBUG
+-		if(p>=64)	{
+-		  DPRINTF(XVID_DEBUG_ERROR,"error: overflow in coefficient index\n");
+-		  return;
++		if ((p|run)&~63) {
++			DPRINTF(XVID_DEBUG_ERROR,"fatal: invalid run or index");
++			break;
+ 		}
+-#endif
+ 
+ 		if (level < 0) {
+ 			level = ((2 * -level + 1) * matrix[scan[p]] * quant) >> 4;
================================================================
