summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog3
-rw-r--r--src/libw32dll/DirectShow/DS_VideoDecoder.c1
-rw-r--r--src/libw32dll/dmo/DMO_VideoDecoder.c1
3 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 46539b699..7179887b0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
xine-lib (1.1.5) (Unreleased)
+ * Security fixes:
+ - Fix heap overflow in DMO loader. (CVE-2007-1246) [bug #1676925]
+ Thanks to Kees Cook for reporting.
* Improved PulseAudio plugin, now only one connection per instance is opened
and the mainloop is threaded to reduce latency during playback.
* Added XCB-based output plugins (Xv and XShm), to use in software using
diff --git a/src/libw32dll/DirectShow/DS_VideoDecoder.c b/src/libw32dll/DirectShow/DS_VideoDecoder.c
index e34659f91..44c6d26d7 100644
--- a/src/libw32dll/DirectShow/DS_VideoDecoder.c
+++ b/src/libw32dll/DirectShow/DS_VideoDecoder.c
@@ -110,6 +110,7 @@ DS_VideoDecoder * DS_VideoDecoder_Open(char* dllname, GUID* guid, BITMAPINFOHEAD
this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
memcpy(this->iv.m_bh, format, bihs);
+ this->iv.m_bh->biSize = bihs;
this->iv.m_State = STOP;
//this->iv.m_pFrame = 0;
diff --git a/src/libw32dll/dmo/DMO_VideoDecoder.c b/src/libw32dll/dmo/DMO_VideoDecoder.c
index 564c26ec8..3ad85645a 100644
--- a/src/libw32dll/dmo/DMO_VideoDecoder.c
+++ b/src/libw32dll/dmo/DMO_VideoDecoder.c
@@ -118,6 +118,7 @@ DMO_VideoDecoder * DMO_VideoDecoder_Open(char* dllname, GUID* guid, BITMAPINFOHE
this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
memcpy(this->iv.m_bh, format, bihs);
+ this->iv.m_bh->biSize = bihs;
this->iv.m_State = STOP;
//this->iv.m_pFrame = 0;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-22 05:18:15 +0000