summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2015-7222-pt1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-7222-pt1.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-7222-pt1.patch112
1 files changed, 112 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-7222-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-7222-pt1.patch
new file mode 100644
index 0000000000..c5d0e4ad60
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-7222-pt1.patch
@@ -0,0 +1,112 @@
+From 76e6db3e514350fd146cb04425e669d63b59f889 Mon Sep 17 00:00:00 2001
+From: Gerald Squelart <gsquelart@mozilla.com>
+Date: Wed, 9 Dec 2015 09:59:37 +0100
+Subject: [PATCH] Bug 1216748 - p2. Handle failed malloc in Metadata storage -
+ r=rillian, a=sylvestre
+
+---
+ .../av/include/media/stagefright/MetaData.h | 2 +-
+ .../av/media/libstagefright/MetaData.cpp | 35 ++++++++++++++--------
+ 2 files changed, 24 insertions(+), 13 deletions(-)
+
+diff --git a/media/libstagefright/frameworks/av/include/media/stagefright/MetaData.h b/media/libstagefright/frameworks/av/include/media/stagefright/MetaData.h
+index 30d969d..0a8ff77 100644
+--- a/media/libstagefright/frameworks/av/include/media/stagefright/MetaData.h
++++ b/media/libstagefright/frameworks/av/include/media/stagefright/MetaData.h
+@@ -248,7 +248,7 @@ private:
+ return mSize <= sizeof(u.reservoir);
+ }
+
+- void allocateStorage(size_t size);
++ bool allocateStorage(size_t size);
+ void freeStorage();
+
+ void *storage() {
+diff --git a/media/libstagefright/frameworks/av/media/libstagefright/MetaData.cpp b/media/libstagefright/frameworks/av/media/libstagefright/MetaData.cpp
+index c832c96..cba324d 100644
+--- a/media/libstagefright/frameworks/av/media/libstagefright/MetaData.cpp
++++ b/media/libstagefright/frameworks/av/media/libstagefright/MetaData.cpp
+@@ -220,7 +220,7 @@ bool MetaData::findData(uint32_t key, uint32_t *type,
+ }
+
+ MetaData::typed_data::typed_data()
+- : mType(0),
++ : mType(TYPE_NONE),
+ mSize(0) {
+ }
+
+@@ -231,17 +231,19 @@ MetaData::typed_data::~typed_data() {
+ MetaData::typed_data::typed_data(const typed_data &from)
+ : mType(from.mType),
+ mSize(0) {
+- allocateStorage(from.mSize);
+- memcpy(storage(), from.storage(), mSize);
++ if (allocateStorage(from.mSize)) {
++ memcpy(storage(), from.storage(), mSize);
++ }
+ }
+
+ MetaData::typed_data &MetaData::typed_data::operator=(
+ const MetaData::typed_data &from) {
+ if (this != &from) {
+ clear();
+- mType = from.mType;
+- allocateStorage(from.mSize);
+- memcpy(storage(), from.storage(), mSize);
++ if (allocateStorage(from.mSize)) {
++ mType = from.mType;
++ memcpy(storage(), from.storage(), mSize);
++ }
+ }
+
+ return *this;
+@@ -250,16 +252,17 @@ MetaData::typed_data &MetaData::typed_data::operator=(
+ void MetaData::typed_data::clear() {
+ freeStorage();
+
+- mType = 0;
++ mType = TYPE_NONE;
+ }
+
+ void MetaData::typed_data::setData(
+ uint32_t type, const void *data, size_t size) {
+ clear();
+
+- mType = type;
+- allocateStorage(size);
+- memcpy(storage(), data, size);
++ if (allocateStorage(size)) {
++ mType = type;
++ memcpy(storage(), data, size);
++ }
+ }
+
+ void MetaData::typed_data::getData(
+@@ -269,14 +272,22 @@ void MetaData::typed_data::getData(
+ *data = storage();
+ }
+
+-void MetaData::typed_data::allocateStorage(size_t size) {
++bool MetaData::typed_data::allocateStorage(size_t size) {
++ // Update mSize now, as it is needed by usesReservoir() below.
++ // (mSize will be reset if the allocation fails further below.)
+ mSize = size;
+
+ if (usesReservoir()) {
+- return;
++ return true;
+ }
+
+ u.ext_data = malloc(mSize);
++ if (!u.ext_data) {
++ mType = TYPE_NONE;
++ mSize = 0;
++ return false;
++ }
++ return true;
+ }
+
+ void MetaData::typed_data::freeStorage() {
+--
+2.6.3
+
generated by cgit v1.2.3 (git 2.45.2) at 2024-08-24 18:13:04 +0000