[mediatomb] - rhbz651414: patch added to fix buffer overruns on unusually long files

rmattes rmattes at fedoraproject.org
Mon Nov 22 06:09:21 UTC 2010 

commit d950b5fdc7c67763dae27368289a2e8aa1dcfad7
Author: Rich <richmattes at gmail.com>
Date:   Mon Nov 22 01:09:05 2010 -0500

    - rhbz651414: patch added to fix buffer overruns on unusually long files

 mediatomb-0.12.1.fixbufferoverrun.patch |   13 +++++++++++++
 mediatomb.spec                          |   11 ++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
---
diff --git a/mediatomb-0.12.1.fixbufferoverrun.patch b/mediatomb-0.12.1.fixbufferoverrun.patch
new file mode 100644
index 0000000..0a324c5
--- /dev/null
+++ b/mediatomb-0.12.1.fixbufferoverrun.patch
@@ -0,0 +1,13 @@
+diff -up ./src/tools.cc.fixbufferoverrun ./src/tools.cc
+--- ./src/tools.cc.fixbufferoverrun	2010-11-22 00:57:31.387188000 -0500
++++ ./src/tools.cc	2010-11-22 00:57:44.865188000 -0500
+@@ -665,6 +665,9 @@ String secondsToHMS(int seconds)
+     h = seconds / 60;
+ 
+     // XXX:XX:XX
++		// This fails if h goes over 999
++		if h > 999
++			h = 999;
+     char *str = (char *)malloc(10);
+     sprintf(str, "%02d:%02d:%02d", h, m, s);
+     return String::take(str);
diff --git a/mediatomb.spec b/mediatomb.spec
index bbc04dd..73b1227 100644
--- a/mediatomb.spec
+++ b/mediatomb.spec
@@ -1,17 +1,18 @@
 Version: 0.12.1
 Summary: UPnP AV MediaServer 
 Name: mediatomb
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: MediaTomb - UPnP AV Mediaserver for Linux
 License: GPLv2
 Group: Applications/Multimedia
-Source: http://downloads.sourceforge.net/mediatomb/%{name}-%{version}.tar.gz
 URL: http://mediatomb.cc
+Source: http://downloads.sourceforge.net/mediatomb/%{name}-%{version}.tar.gz
+Patch0: mediatomb-0.12.1.fixogg.patch
+Patch1: mediatomb-0.12.1.fixbufferoverrun.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) 
 BuildRequires: sqlite-devel, mysql-devel, libexif-devel, id3lib-devel, file-devel, js-devel, zlib-devel, taglib-devel
 BuildRequires: expat-devel, libcurl-devel
 BuildRequires: libmp4v2-devel
-Patch0: mediatomb-0.12.1.fixogg.patch
 %if 0%{?fedora} >= 13
 %else
 %if 0%{?fedora} >= 9
@@ -36,6 +37,7 @@ be found on http://www.upnp.org/.
 %prep 
 %setup -q
 %patch0 -p0
+%patch1 -p0
 
 %build
 # Fedora 13 on use system jsapi.h
@@ -113,6 +115,9 @@ fi
 %{_initrddir}/mediatomb
 
 %changelog
+* Mon Nov 22 2010 Rich Mattes <richmattes at gmail.com> - 0.12.1-4
+- rhbz651414: patch added to fix buffer overruns on unusually long files
+
 * Fri Nov 12 2010 Rich Mattes <richmattes at gmail.com> - 0.12.1-3
 - Add patch to enable ogg metadata by default

More information about the scm-commits mailing list