diff options
Diffstat (limited to 'libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch')
-rw-r--r-- | libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch new file mode 100644 index 000000000..a1737c0dc --- /dev/null +++ b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch @@ -0,0 +1,25 @@ +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399 + +diff --git a/src/util.c b/src/util.c +index d8dc3c3..9422fc5 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file) + + void quicktime_read_pascal(quicktime_t *file, char *data) + { +- char len = quicktime_read_char(file); +- quicktime_read_data(file, (uint8_t*)data, len); +- data[(int)len] = 0; ++ int len = quicktime_read_char(file); ++ if ((len > 0) && (len < 256)) { ++ /* data[] is expected to be 256 bytes long */ ++ quicktime_read_data(file, (uint8_t*)data, len); ++ data[len] = 0; ++ } else { ++ data[0] = 0; ++ } + } + + void quicktime_write_pascal(quicktime_t *file, char *data) |