rpms / flac

Clone
Source Code
GIT

Blame SOURCES/flac-1.3.0-cve-2014-8962.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   f7ebc0d452de9c93edc72e7e2cbc0bccc6b80916
  2.   SOURCES
  3.   flac-1.3.0-cve-2014-8962.patch
Blob History Raw
f7ebc0 
commit 5b3033a2b355068c11fe637e14ac742d273f076e
f7ebc0 
Author: Erik de Castro Lopo <erikd@mega-nerd.com>
f7ebc0 
Date:   Tue Nov 18 07:20:25 2014 -0800
f7ebc0
f7ebc0 
    src/libFLAC/stream_decoder.c : Fix buffer read overflow.
f7ebc0
f7ebc0 
    This is CVE-2014-8962.
f7ebc0
f7ebc0 
    Reported-by: Michele Spagnuolo,
f7ebc0 
                 Google Security Team <mikispag@google.com>
f7ebc0
f7ebc0 
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
f7ebc0 
index cb66fe2..88a656d 100644
f7ebc0 
--- a/src/libFLAC/stream_decoder.c
f7ebc0 
+++ b/src/libFLAC/stream_decoder.c
f7ebc0 
@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
f7ebc0 
  *
f7ebc0 
  ***********************************************************************/
f7ebc0
f7ebc0 
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
f7ebc0 
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
f7ebc0
f7ebc0 
 /***********************************************************************
f7ebc0 
  *
f7ebc0 
@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
f7ebc0 
 			id = 0;
f7ebc0 
 			continue;
f7ebc0 
 		}
f7ebc0 
+
f7ebc0 
+		if(id >= 3)
f7ebc0 
+			return false;
f7ebc0 
+
f7ebc0 
 		if(x == ID3V2_TAG_[id]) {
f7ebc0 
 			id++;
f7ebc0 
 			i = 0;

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation