From 9b3403615b95317b76b725328d059bbc1893da3d Mon Sep 17 00:00:00 2001
From: Omar Vega Ramos <ovruni@gnu.org.pe>
Date: Fri, 3 Apr 2020 14:23:03 -0500
Subject: libquicktime-1.2.4-22.parabola1: rebuild

---
 .../libquicktime-1.2.4-CVE-2016-2399.patch         | 25 ++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch

(limited to 'libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch')

diff --git a/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
new file mode 100644
index 000000000..a1737c0dc
--- /dev/null
+++ b/libre/libquicktime/libquicktime-1.2.4-CVE-2016-2399.patch
@@ -0,0 +1,25 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
+
+diff --git a/src/util.c b/src/util.c
+index d8dc3c3..9422fc5 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
+ 
+ void quicktime_read_pascal(quicktime_t *file, char *data)
+ {
+-	char len = quicktime_read_char(file);
+-	quicktime_read_data(file, (uint8_t*)data, len);
+-	data[(int)len] = 0;
++	int len = quicktime_read_char(file);
++	if ((len > 0) && (len < 256)) {
++          /* data[] is expected to be 256 bytes long */
++          quicktime_read_data(file, (uint8_t*)data, len);
++          data[len] = 0;
++        } else {
++          data[0] = 0;
++        }
+ }
+ 
+ void quicktime_write_pascal(quicktime_t *file, char *data)
-- 
cgit v1.2.3