rpms/dvgrab/F-9 dvgrab-3.1-bad-timecode-handling.patch, NONE, 1.1 dvgrab.spec, 1.23, 1.24 dvgrab-3.0-fixes.patch, 1.1, NONE

Tue Jun 24 20:36:12 UTC 2008

Author: jwilson

Update of /cvs/pkgs/rpms/dvgrab/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22827

Modified Files:
	dvgrab.spec 
Added Files:
	dvgrab-3.1-bad-timecode-handling.patch 
Removed Files:
	dvgrab-3.0-fixes.patch 
Log Message:
* Tue Jun 24 2008 Jarod Wilson <jwilson at redhat.com> - 3.1-3
- Fix segfault when we get bogus timecodes (#370931)


dvgrab-3.1-bad-timecode-handling.patch:

--- NEW FILE dvgrab-3.1-bad-timecode-handling.patch ---
Date: 2008-04-13 18:42
From: Patrick Mansfield <patman at ar...>
Subject: fix segfault when timecodes are bad

Hi -

I am also hitting bug 1865787 "dvgrab-3.x -autosplit segfaults', this:

http://sourceforge.net/tracker/index.php?func=detail&aid=1865787&group_id=14103&atid=114103

Large timecode values are causing a stack overflow in DVgrab::sendCaptureStatus,
the printf precision for integers specifies the minimum number of digits,
not the maximum, so the tc_str can be longer than 32 bytes.

I don't know WHY the timecodes are so large, but at least it doesn't
segfault with this patch.

With the fix (or while debugging), I am seeing status lines like this:

"again-2003.12.24_09-06-53.avi": 36.91 MiB 322 frames timecode 00:07:56.14 date 2003.12.24 09:07:04
"again-2003.12.24_09-08-20.avi": 74.57 MiB 651 frames timecode 167058900:-1319513512:-1291087864.163713312 date 2008.04.13 11:23:17
"again-2004.01.14_11-32-20.avi": 10.02 MiB 87 frames timecode 00:00:03.15 date 2004.01.14 11:32:23

Without the fix, we segfault before the second line above can be output.

I have a test file if someone wants it, but it is 200Mb in size.

The strings should fit into 47 and 77 bytes respectively, but the fix
allows for some extra space and uses 64 and 128 bytes for the strings in
DVgrab::sendCaptureStatus (even though it is the timecode that was causing
the segfault, we should be safe and increase the size of both strings).

Index: dvgrab/dvgrab.cc
===================================================================
RCS file: /cvsroot/kino/dvgrab/dvgrab.cc,v
retrieving revision 1.61
diff -u -r1.61 dvgrab.cc
--- dvgrab/dvgrab.cc 27 Feb 2008 05:09:48 -0000 1.61
+++ dvgrab/dvgrab.cc 13 Apr 2008 18:27:11 -0000
@@ -779,7 +779,7 @@
 
 void DVgrab::sendCaptureStatus( const char *name, float size, int frames, TimeCode *tc, struct tm *rd, bool newline )
 {
-	char tc_str[32], rd_str[32];
+	char tc_str[64], rd_str[128];
 
 	if ( tc )
 		sprintf( tc_str, "%2.2d:%2.2d:%2.2d.%2.2d", 


Index: dvgrab.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dvgrab/F-9/dvgrab.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- dvgrab.spec	13 Feb 2008 19:09:52 -0000	1.23
+++ dvgrab.spec	24 Jun 2008 20:35:26 -0000	1.24
@@ -1,12 +1,13 @@
 Summary:        Utility to capture video from a DV camera
 Name:           dvgrab
 Version:        3.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPL
 Group:          Applications/Multimedia
 URL:            http://www.kinodv.org/
 Source:         http://dl.sf.net/kino/dvgrab-%{version}.tar.gz
-Patch:          dvgrab-3.1-gcc43-fix.patch
+Patch1:         dvgrab-3.1-gcc43-fix.patch
+Patch2:         dvgrab-3.1-bad-timecode-handling.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libraw1394-devel libavc1394-devel libdv-devel
 BuildRequires:  libiec61883-devel libjpeg-devel
@@ -18,7 +19,8 @@
 
 %prep
 %setup -q
-%patch -p1
+%patch1 -p1
+%patch2 -p1
 
 %build
 %configure
@@ -38,6 +40,9 @@
 %{_mandir}/man1/dvgrab.1*
 
 %changelog
+* Tue Jun 24 2008 Jarod Wilson <jwilson at redhat.com> - 3.1-3
+- Fix segfault when we get bogus timecodes (#370931)
+
 * Wed Feb 13 2008 Jarod Wilson <jwilson at redhat.com> - 3.1-2
 - Fix build with gcc 4.3
 


--- dvgrab-3.0-fixes.patch DELETED ---


