https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
diff --git a/src/util.c b/src/util.c
index d8dc3c3..9422fc5 100644
--- a/src/util.c
+++ b/src/util.c
@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
 void quicktime_read_pascal(quicktime_t *file, char *data)
 {
- char len = quicktime_read_char(file);
- quicktime_read_data(file, (uint8_t*)data, len);
- data[(int)len] = 0;
+ int len = quicktime_read_char(file);
+ if ((len > 0) && (len < 256)) {
+ /* data[] is expected to be 256 bytes long */
+ quicktime_read_data(file, (uint8_t*)data, len);
+ data[len] = 0;
+ } else {
+ data[0] = 0;
+ }
 }
 void quicktime_write_pascal(quicktime_t *file, char *data)
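Review bot: The new bound in `quicktime_read_pascal` holds only if every caller passes a buffer of at least 256 bytes, because the function takes `char *data` with no length and the requirement appears only as a comment inside the `if` branch. I would state that contract in a header comment on the function, e.g. `/* data must point to at least 256 bytes; the result is always NUL-terminated */`, and audit the callers, which are outside this hunk. Separately, if `quicktime_read_char` returns a sign-extended `char` (its definition is not shown here), length bytes 128–255 arrive as negative values, take the `else` branch and leave the string bytes unread, so later reads start from the wrong file offset; `int len = (unsigned char)quicktime_read_char(file);` would accept the full Pascal-string range and still fit in 256 bytes. The return value of `quicktime_read_data` is also ignored, so on a truncated file `data` may be terminated at `len` while still holding whatever the caller's buffer contained before the call.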