head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.10
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.8
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.6
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.4
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.2
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2009Q3:1.1.0.6
	pkgsrc-2009Q3-base:1.1
	pkgsrc-2009Q2:1.1.0.4
	pkgsrc-2009Q2-base:1.1
	pkgsrc-2009Q1:1.1.0.2
	pkgsrc-2009Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2009.10.18.22.22.10;	author ahoka;	state dead;
branches;
next	1.1;

1.1
date	2009.02.02.19.20.49;	author drochner;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Upgrade to the SVN snapshot as of 2009-10-17.
The builtin libavcodec now uses yasm to assemble hand written
h264 code. The older x264 we currently have in pkgsrc is not supported
by mplayer, so I had to do some hand tweaking to make it work.
It may contain bugs because of this, so report any fallouts with h264.
@
text
@$NetBSD: patch-ap,v 1.1 2009/02/02 19:20:49 drochner Exp $

--- libavformat/psxstr.c.orig	2007-10-07 21:49:38.000000000 +0200
+++ libavformat/psxstr.c
@@@@ -276,12 +276,23 @@@@ static int str_read_packet(AVFormatConte
                 int current_sector = AV_RL16(&sector[0x1C]);
                 int sector_count   = AV_RL16(&sector[0x1E]);
                 int frame_size = AV_RL32(&sector[0x24]);
-                int bytes_to_copy;
+
+                if(!(   frame_size>=0
+                     && current_sector < sector_count
+                     && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){
+                    av_log(s, AV_LOG_ERROR, "Invalid parameters %d %d %d\n", current_sector, sector_count, frame_size);
+                    return AVERROR_INVALIDDATA;
+                }
+
 //        printf("%d %d %d\n",current_sector,sector_count,frame_size);
                 /* if this is the first sector of the frame, allocate a pkt */
                 pkt = &str->tmp_pkt;
-                if (current_sector == 0) {
-                    if (av_new_packet(pkt, frame_size))
+
+                if(pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE){
+                    if(pkt->data)
+                        av_log(s, AV_LOG_ERROR, "missmatching sector_count\n");
+                    av_free_packet(pkt);
+                    if (av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE))
                         return AVERROR(EIO);
 
                     pkt->pos= url_ftell(pb) - RAW_CD_SECTOR_SIZE;
@@@@ -295,15 +306,15 @@@@ static int str_read_packet(AVFormatConte
                        str->pts += (90000 / 15);
                 }
 
-                /* load all the constituent chunks in the video packet */
-                bytes_to_copy = frame_size - current_sector*VIDEO_DATA_CHUNK_SIZE;
-                if (bytes_to_copy>0) {
-                    if (bytes_to_copy>VIDEO_DATA_CHUNK_SIZE) bytes_to_copy=VIDEO_DATA_CHUNK_SIZE;
-                    memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
-                        sector + VIDEO_DATA_HEADER_SIZE, bytes_to_copy);
-                }
+                memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
+                       sector + VIDEO_DATA_HEADER_SIZE,
+                       VIDEO_DATA_CHUNK_SIZE);
+
                 if (current_sector == sector_count-1) {
+                    pkt->size= frame_size;
                     *ret_pkt = *pkt;
+                    pkt->data= NULL;
+                    pkt->size= -1;
                     return 0;
                 }
 
@


1.1
log
@-add a patch from upstream to fix CVE-2008-3162
 (stack-based buffer overflow in the str_read_packet function in
   libavformat/psxstr.c)
-add (a modified version of) the ffmpeg 4xm patch which fixes
 possible memory corruption
bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD$
@