blob: a1737c0dc0a984389fa538f07dc21f9fcc02e370 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
diff --git a/src/util.c b/src/util.c
index d8dc3c3..9422fc5 100644
--- a/src/util.c
+++ b/src/util.c
@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
void quicktime_read_pascal(quicktime_t *file, char *data)
{
- char len = quicktime_read_char(file);
- quicktime_read_data(file, (uint8_t*)data, len);
- data[(int)len] = 0;
+ int len = quicktime_read_char(file);
+ if ((len > 0) && (len < 256)) {
+ /* data[] is expected to be 256 bytes long */
+ quicktime_read_data(file, (uint8_t*)data, len);
+ data[len] = 0;
+ } else {
+ data[0] = 0;
+ }
}
void quicktime_write_pascal(quicktime_t *file, char *data)
|