diff options
| author | Omar Vega Ramos <ovruni@gnu.org.pe> | 2018-05-13 15:45:12 -0500 |
|---|---|---|
| committer | Omar Vega Ramos <ovruni@gnu.org.pe> | 2018-05-13 15:45:12 -0500 |
| commit | 40047ef9a6624fc6fde8a9383fd64cd3fcce1963 (patch) | |
| tree | 06799cf89f309063949d1f0fa40ae4a777140566 /libre/libquicktime/CVE-2016-2399.patch | |
| parent | c1fd44cb9eda55f4be88786e7153e791b1aab3ca (diff) | |
| download | abslibre-40047ef9a6624fc6fde8a9383fd64cd3fcce1963.tar.gz abslibre-40047ef9a6624fc6fde8a9383fd64cd3fcce1963.tar.bz2 abslibre-40047ef9a6624fc6fde8a9383fd64cd3fcce1963.zip | |
libquicktime-1.2.4-18.parabola1: rebuild for ffmpeg 4.0
Diffstat (limited to 'libre/libquicktime/CVE-2016-2399.patch')
| -rw-r--r-- | libre/libquicktime/CVE-2016-2399.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/libre/libquicktime/CVE-2016-2399.patch b/libre/libquicktime/CVE-2016-2399.patch new file mode 100644 index 000000000..a1737c0dc --- /dev/null +++ b/libre/libquicktime/CVE-2016-2399.patch @@ -0,0 +1,25 @@ +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399 + +diff --git a/src/util.c b/src/util.c +index d8dc3c3..9422fc5 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file) + + void quicktime_read_pascal(quicktime_t *file, char *data) + { +- char len = quicktime_read_char(file); +- quicktime_read_data(file, (uint8_t*)data, len); +- data[(int)len] = 0; ++ int len = quicktime_read_char(file); ++ if ((len > 0) && (len < 256)) { ++ /* data[] is expected to be 256 bytes long */ ++ quicktime_read_data(file, (uint8_t*)data, len); ++ data[len] = 0; ++ } else { ++ data[0] = 0; ++ } + } + + void quicktime_write_pascal(quicktime_t *file, char *data) |