0a860f21e1
- Switch site to an active fork
- Send patch upstream
- Update indentation in hash file (two spaces)
- Fix the following CVEs:
- CVE-2018-14054: A double free exists in the MP4StringProperty class
in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again
in the destructor once an exception is triggered.
Fixed by
f09cceeee5
- CVE-2018-14325: In MP4v2 2.0.0, there is an integer underflow (with
resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
Fixed by
e475013c6e
- CVE-2018-14326: In MP4v2 2.0.0, there is an integer overflow (with
resultant memory corruption) when resizing MP4Array for the ftyp
atom in mp4array.h.
Fixed by
70d823ccd8
- CVE-2018-14379: MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0
incorrectly uses the MP4ItemAtom data type in a certain case where
MP4DataAtom is required, which allows remote attackers to cause a
denial of service (memory corruption) or possibly have unspecified
other impact via a crafted MP4 file, because access to the data
structure has different expectations about layout as a result of
this type confusion.
Fixed by
73f38b4296
- CVE-2018-14403: MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0
mishandles substrings of atom names, leading to use of an
inappropriate data type for associated atoms. The resulting type
confusion can cause out-of-bounds memory access.
Fixed by
51cb6b36f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From 855e9674232808ff3be7191b697dfb56917db21f Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com>
|
|
Date: Wed, 8 Feb 2017 00:56:32 +0000
|
|
Subject: [PATCH] Fix GCC7 build
|
|
|
|
if (*pSlash != '\0') {
|
|
|
|
As it stands the body of that if will always execute and when there are
|
|
no encoding parameters ppEncodingParams will be returned as a pointer to
|
|
an empty string rather than as a null pointer
|
|
|
|
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
[Upstream status: https://github.com/TechSmith/mp4v2/pull/36]
|
|
---
|
|
src/rtphint.cpp | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/rtphint.cpp b/src/rtphint.cpp
|
|
index e07309d..1eb01f5 100644
|
|
--- a/src/rtphint.cpp
|
|
+++ b/src/rtphint.cpp
|
|
@@ -339,7 +339,7 @@ void MP4RtpHintTrack::GetPayload(
|
|
pSlash = strchr(pSlash, '/');
|
|
if (pSlash != NULL) {
|
|
pSlash++;
|
|
- if (pSlash != '\0') {
|
|
+ if (*pSlash != '\0') {
|
|
length = (uint32_t)strlen(pRtpMap) - (pSlash - pRtpMap);
|
|
*ppEncodingParams = (char *)MP4Calloc(length + 1);
|
|
strncpy(*ppEncodingParams, pSlash, length);
|
|
--
|
|
2.11.0
|
|
|