authorOmar Vega Ramos <ovruni@gnu.org.pe>2020-04-03 14:23:03 -0500
committerOmar Vega Ramos <ovruni@gnu.org.pe>2020-04-03 14:23:03 -0500
commit9b3403615b95317b76b725328d059bbc1893da3d (patch)
treed2fde48f4e831c23a361ab6e16c1d8dc812392c4 /libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
parent9fc410f3ecdc790c30599ea74cc9d74a8792115d (diff)
libquicktime-1.2.4-22.parabola1: rebuild
Diffstat (limited to 'libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch')
-rw-r--r--libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
new file mode 100644
index 000000000..a1737c0dc
--- /dev/null
+++ b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
@@ -0,0 +1,25 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
+
+diff --git a/src/util.c b/src/util.c
+index d8dc3c3..9422fc5 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
+
+ void quicktime_read_pascal(quicktime_t *file, char *data)
+ {
+- char len = quicktime_read_char(file);
+- quicktime_read_data(file, (uint8_t*)data, len);
+- data[(int)len] = 0;
++ int len = quicktime_read_char(file);
++ if ((len > 0) && (len < 256)) {
++ /* data[] is expected to be 256 bytes long */
++ quicktime_read_data(file, (uint8_t*)data, len);
++ data[len] = 0;
++ } else {
++ data[0] = 0;
++ }
+ }
+
+ void quicktime_write_pascal(quicktime_t *file, char *data)
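Review bot: In the patched `quicktime_read_pascal`, the `len < 256` bound only has an effect if `quicktime_read_char` hands back the length byte as an unsigned value; its return type is not visible here, and the removed code stored it in a plain `char`. If the value is sign-extended, length bytes 0x80–0xFF arrive negative, so the string is silently returned as empty and its bytes stay unread in the stream, which may desynchronise whatever the caller parses next. Converting explicitly, `int len = (unsigned char)quicktime_read_char(file);`, would make the bound meaningful, but 255 then becomes a reachable length, so every caller's buffer must really be 256 bytes, which the comment assumes and the signature cannot enforce. The result of `quicktime_read_data` is also unchecked, so on a short read `data` would be terminated at `data[len]` with the bytes before it only partly filled.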