1 files changed, 0 insertions, 64 deletions
diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch
deleted file mode 100644
index 90f3fd0314..0000000000
--- a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 8b94df0f2047e9728cb872adc9e64557b7a5152f Mon Sep 17 00:00:00 2001
-From: Reinhard Tartler <siretart@tauware.de>
-Date: Sun, 4 Dec 2011 10:10:33 +0100
-Subject: [PATCH] vp3dec: Check coefficient index in vp3_dequant()
-Based on a patch by Michael Niedermayer <michaelni@gmx.at>
-Fixes NGS00145, CVE-2011-4352
-Found-by: Phillip Langlois
-Signed-off-by: Reinhard Tartler <siretart@tauware.de>
-Upstream-Status: Backport
-http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b94df0f2047e9728cb872adc9e64557b7a5152f
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
- libavcodec/vp3.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
-index 51ab048..f44d084 100644
--- a/gst-libs/ext/libav/libavcodec/vp3.c
-+++ b/gst-libs/ext/libav/libavcodec/vp3.c
-@@ -1363,6 +1363,10 @@ static inline int vp3_dequant(Vp3DecodeContext *s, Vp3Fragment *frag,
-         case 1: // zero run
-             s->dct_tokens[plane][i]++;
-             i += (token >> 2) & 0x7f;
-+            if (i > 63) {
-+                av_log(s->avctx, AV_LOG_ERROR, "Coefficient index overflow\n");
-+                return i;
-+            }
-             block[perm[i]] = (token >> 9) * dequantizer[perm[i]];
-             i++;
-             break;
-@@ -1566,7 +1570,10 @@ static void render_slice(Vp3DecodeContext *s, int slice)
-                     /* invert DCT and place (or add) in final output */
- 
-                     if (s->all_fragments[i].coding_method == MODE_INTRA) {
-                        vp3_dequant(s, s->all_fragments + i, plane, 0, block);
-+                        int index;
-+                        index = vp3_dequant(s, s->all_fragments + i, plane, 0, block);
-+                        if (index > 63)
-+                            continue;
-                         if(s->avctx->idct_algo!=FF_IDCT_VP3)
-                             block[0] += 128<<3;
-                         s->dsp.idct_put(
-@@ -1574,7 +1581,10 @@ static void render_slice(Vp3DecodeContext *s, int slice)
-                             stride,
-                             block);
-                     } else {
-                        if (vp3_dequant(s, s->all_fragments + i, plane, 1, block)) {
-+                        int index = vp3_dequant(s, s->all_fragments + i, plane, 1, block);
-+                        if (index > 63)
-+                            continue;
-+                        if (index > 0) {
-                         s->dsp.idct_add(
-                             output_plane + first_pixel,
-                             stride,
-- 
-2.1.1

diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch deleted file mode 100644 index 90f3fd0314..0000000000 --- a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch +++ /dev/null
@@ -1,64 +0,0 @@
1	From 8b94df0f2047e9728cb872adc9e64557b7a5152f Mon Sep 17 00:00:00 2001
2	From: Reinhard Tartler <siretart@tauware.de>
3	Date: Sun, 4 Dec 2011 10:10:33 +0100
4	Subject: [PATCH] vp3dec: Check coefficient index in vp3_dequant()
5
6	Based on a patch by Michael Niedermayer <michaelni@gmx.at>
7
8	Fixes NGS00145, CVE-2011-4352
9
10	Found-by: Phillip Langlois
11	Signed-off-by: Reinhard Tartler <siretart@tauware.de>
12
13
14	Upstream-Status: Backport
15
16	http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b94df0f2047e9728cb872adc9e64557b7a5152f
17
18	Signed-off-by: Kai Kang <kai.kang@windriver.com>
19	---
20	libavcodec/vp3.c \| 14 ++++++++++++--
21	1 file changed, 12 insertions(+), 2 deletions(-)
22
23	diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
24	index 51ab048..f44d084 100644
25	--- a/gst-libs/ext/libav/libavcodec/vp3.c
26	+++ b/gst-libs/ext/libav/libavcodec/vp3.c
27	@@ -1363,6 +1363,10 @@ static inline int vp3_dequant(Vp3DecodeContext s, Vp3Fragment frag,
28	case 1: // zero run
29	s->dct_tokens[plane][i]++;
30	i += (token >> 2) & 0x7f;
31	+ if (i > 63) {
32	+ av_log(s->avctx, AV_LOG_ERROR, "Coefficient index overflow\n");
33	+ return i;
34	+ }
35	block[perm[i]] = (token >> 9) * dequantizer[perm[i]];
36	i++;
37	break;
38	@@ -1566,7 +1570,10 @@ static void render_slice(Vp3DecodeContext *s, int slice)
39	/* invert DCT and place (or add) in final output */
40
41	if (s->all_fragments[i].coding_method == MODE_INTRA) {
42	- vp3_dequant(s, s->all_fragments + i, plane, 0, block);
43	+ int index;
44	+ index = vp3_dequant(s, s->all_fragments + i, plane, 0, block);
45	+ if (index > 63)
46	+ continue;
47	if(s->avctx->idct_algo!=FF_IDCT_VP3)
48	block[0] += 128<<3;
49	s->dsp.idct_put(
50	@@ -1574,7 +1581,10 @@ static void render_slice(Vp3DecodeContext *s, int slice)
51	stride,
52	block);
53	} else {
54	- if (vp3_dequant(s, s->all_fragments + i, plane, 1, block)) {
55	+ int index = vp3_dequant(s, s->all_fragments + i, plane, 1, block);
56	+ if (index > 63)
57	+ continue;
58	+ if (index > 0) {
59	s->dsp.idct_add(
60	output_plane + first_pixel,
61	stride,
62	--
63	2.1.1
64