summaryrefslogtreecommitdiff
path: root/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
diff options
context:
space:
mode:
Diffstat (limited to 'libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch')
-rw-r--r--libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
new file mode 100644
index 000000000..a1737c0dc
--- /dev/null
+++ b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
@@ -0,0 +1,25 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
+
+diff --git a/src/util.c b/src/util.c
+index d8dc3c3..9422fc5 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
+
+ void quicktime_read_pascal(quicktime_t *file, char *data)
+ {
+- char len = quicktime_read_char(file);
+- quicktime_read_data(file, (uint8_t*)data, len);
+- data[(int)len] = 0;
++ int len = quicktime_read_char(file);
++ if ((len > 0) && (len < 256)) {
++ /* data[] is expected to be 256 bytes long */
++ quicktime_read_data(file, (uint8_t*)data, len);
++ data[len] = 0;
++ } else {
++ data[0] = 0;
++ }
+ }
+
+ void quicktime_write_pascal(quicktime_t *file, char *data)