From d06fa15d1c113edea0d6760ea19af8e8d0af0d94 Mon Sep 17 00:00:00 2001
From: James Zern <jzern@google.com>
Date: Fri, 7 Jun 2019 15:06:29 -0700
Subject: [PATCH 4/4] CVE-2019-2126: update libwebm to
libwebm-1.0.0.27-361-g81de00c
81de00c Check there is only one settings per ContentCompression
5623013 Fixes a double free in ContentEncoding
93b2ba0 mkvparser: quiet static analysis warnings
Change-Id: Ieaa562ef2f10075381bd856388e6b29f97ca2746
---
third_party/libwebm/README.libvpx | 2 +-
third_party/libwebm/mkvparser/mkvparser.cc | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/third_party/libwebm/README.libvpx b/third_party/libwebm/README.libvpx
|
|
|
9ced7b |
index 16f17513e..714f5d0eb 100644
|
|
|
9ced7b |
--- a/third_party/libwebm/README.libvpx
|
|
|
9ced7b |
+++ b/third_party/libwebm/README.libvpx
|
|
|
9ced7b |
@@ -1,5 +1,5 @@
|
|
|
9ced7b |
URL: https://chromium.googlesource.com/webm/libwebm
|
|
|
9ced7b |
-Version: dbf1d1089756e7cb5b1a04d6752310ef35912347
|
|
|
9ced7b |
+Version: 81de00c43ea3c087b48a8c20337db7531b9f7612
|
|
|
9ced7b |
License: BSD
|
|
|
9ced7b |
License File: LICENSE.txt
|
|
|
9ced7b |
|
|
|
9ced7b |
diff --git a/third_party/libwebm/mkvparser/mkvparser.cc b/third_party/libwebm/mkvparser/mkvparser.cc
|
|
|
9ced7b |
index dcb969dcf..ace65bd59 100644
|
|
|
9ced7b |
--- a/third_party/libwebm/mkvparser/mkvparser.cc
|
|
|
9ced7b |
+++ b/third_party/libwebm/mkvparser/mkvparser.cc
|
|
|
9ced7b |
@@ -4230,6 +4230,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
|
|
|
9ced7b |
new (std::nothrow) ContentEncryption*[encryption_count];
|
|
|
9ced7b |
if (!encryption_entries_) {
|
|
|
9ced7b |
delete[] compression_entries_;
|
|
|
9ced7b |
+ compression_entries_ = NULL;
|
|
|
9ced7b |
return -1;
|
|
|
9ced7b |
}
|
|
|
9ced7b |
encryption_entries_end_ = encryption_entries_;
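Review bot: On the allocation-failure path, `compression_entries_` is cleared after the `delete[]`, but `compression_entries_end_` is left as it was. The assignment of that end pointer is outside this hunk, but if it mirrors `encryption_entries_end_ = encryption_entries_;` it still points into the freed array. Any cleanup that walks from `compression_entries_` to `compression_entries_end_` would then start at NULL with a stale end pointer. Resetting both keeps the pair consistent: add `compression_entries_end_ = NULL;` next to the new line. The function body begins and ends outside the hunk.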
|
|
|
9ced7b |
@@ -4261,6 +4262,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
|
|
|
9ced7b |
delete compression;
|
|
|
9ced7b |
return status;
|
|
|
9ced7b |
}
|
|
|
9ced7b |
+ assert(compression_count > 0);
|
|
|
9ced7b |
*compression_entries_end_++ = compression;
|
|
|
9ced7b |
} else if (id == libwebm::kMkvContentEncryption) {
|
|
|
9ced7b |
ContentEncryption* const encryption =
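Review bot: `assert(compression_count > 0);` guards the store `*compression_entries_end_++ = compression;` only in debug builds; with NDEBUG defined it compiles to nothing, and where it is active a file that reaches it aborts the process instead of returning an error. It also checks only that the count is non-zero, not that the end pointer is still inside the array sized by that count. Since this parser handles untrusted container data, a runtime check that frees the entry and returns is safer, e.g. `if (compression_entries_end_ - compression_entries_ >= compression_count) { delete compression; return E_FILE_FORMAT_INVALID; }`. The same applies to `assert(encryption_count > 0);` in the next hunk. Both asserts sit in a function whose body extends outside the hunks.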
|
|
|
9ced7b |
@@ -4273,6 +4275,7 @@ long ContentEncoding::ParseContentEncodingEntry(long long start, long long size,
|
|
|
9ced7b |
delete encryption;
|
|
|
9ced7b |
return status;
|
|
|
9ced7b |
}
|
|
|
9ced7b |
+ assert(encryption_count > 0);
|
|
|
9ced7b |
*encryption_entries_end_++ = encryption;
|
|
|
9ced7b |
}
|
|
|
9ced7b |
|
|
|
9ced7b |
@@ -4325,6 +4328,12 @@ long ContentEncoding::ParseCompressionEntry(long long start, long long size,
|
|
|
9ced7b |
return status;
|
|
|
9ced7b |
}
|
|
|
9ced7b |
|
|
|
9ced7b |
+ // There should be only one settings element per content compression.
|
|
|
9ced7b |
+ if (compression->settings != NULL) {
|
|
|
9ced7b |
+ delete[] buf;
|
|
|
9ced7b |
+ return E_FILE_FORMAT_INVALID;
|
|
|
9ced7b |
+ }
|
|
|
9ced7b |
+
|
|
|
9ced7b |
compression->settings = buf;
|
|
|
9ced7b |
compression->settings_len = buflen;
|
|
|
9ced7b |
}
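Review bot: The duplicate-settings check runs only after `buf` has been allocated and filled, which is why it has to `delete[] buf` before returning. The allocation and read are above the hunk, but testing `compression->settings != NULL` at the top of this branch, before allocating, would reject a malformed file without first doing a size-driven allocation and read, and would remove one cleanup path. The check also relies on `settings` starting out NULL for a fresh ContentCompression, which is not visible here; a comment such as `// settings stays NULL until the first settings element is stored` would record that. A regression test with two settings elements in one ContentCompression would pin the new behaviour.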
--
2.25.1