rpms / flac

Clone
Source Code
GIT

Blame SOURCES/flac-cve-2020-0499.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   346cf7d7cb2d6f9086f2de59ee4d39dd1620b99e
  2.   SOURCES
  3.   flac-cve-2020-0499.patch
Blob History Raw
346cf7 
commit 2e7931c27eb15e387da440a37f12437e35b22dd4
346cf7 
Author: Erik de Castro Lopo <erikd@mega-nerd.com>
346cf7 
Date:   Mon Oct 7 12:55:58 2019 +1100
346cf7
346cf7 
    libFLAC/bitreader.c: Fix out-of-bounds read
346cf7
346cf7 
    Credit: Oss-Fuzz
346cf7 
    Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
346cf7 
    Testcase: fuzzer_decoder-5670265022840832
346cf7
346cf7 
diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
346cf7 
index 5e4b5918..3df4d02c 100644
346cf7 
--- a/src/libFLAC/bitreader.c
346cf7 
+++ b/src/libFLAC/bitreader.c
346cf7 
@@ -869,7 +869,7 @@ incomplete_lsbs:
346cf7 
 			cwords = br->consumed_words;
346cf7 
 			words = br->words;
346cf7 
 			ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
346cf7 
-			b = br->buffer[cwords] << br->consumed_bits;
346cf7 
+			b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
346cf7 
 		} while(cwords >= words && val < end);
346cf7 
 	}
346cf7

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation