[xine-cvs] CVS: xine-lib/src/libw32dll/DirectShow DS_VideoDecoder.c, 1.9, 1.10

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/xine/xine-lib/src/libw32dll/DirectShow
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv10809/src/libw32dll/DirectShow

Modified Files:
	DS_VideoDecoder.c 
Log Message:
  * Security fixes:
    - Fix heap overflow in DMO loader. (CVE-2007-1246) [bug #1676925]
      Thanks to Kees Cook for reporting.


Index: DS_VideoDecoder.c
===================================================================
RCS file: /cvsroot/xine/xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10

--- DS_VideoDecoder.c	24 Dec 2003 16:55:36 -0000	1.9
+++ DS_VideoDecoder.c	10 Mar 2007 00:41:34 -0000	1.10
@@ -110,6 +110,7 @@
      
         this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
         memcpy(this->iv.m_bh, format, bihs);
+        this->iv.m_bh->biSize = bihs;
 
         this->iv.m_State = STOP;
         //this->iv.m_pFrame = 0;



