rpms / flac

Clone
Source Code
GIT

Blame SOURCES/flac-cve-2020-0499.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   3b83d091253bcb1b684c852a4d2fe6e2f80005de
  2.   SOURCES
  3.   flac-cve-2020-0499.patch
Blob History Raw
3b83d0 
commit 2e7931c27eb15e387da440a37f12437e35b22dd4
3b83d0 
Author: Erik de Castro Lopo <erikd@mega-nerd.com>
3b83d0 
Date:   Mon Oct 7 12:55:58 2019 +1100
3b83d0
3b83d0 
    libFLAC/bitreader.c: Fix out-of-bounds read
3b83d0
3b83d0 
    Credit: Oss-Fuzz
3b83d0 
    Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
3b83d0 
    Testcase: fuzzer_decoder-5670265022840832
3b83d0
3b83d0 
diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
3b83d0 
index 5e4b5918..3df4d02c 100644
3b83d0 
--- a/src/libFLAC/bitreader.c
3b83d0 
+++ b/src/libFLAC/bitreader.c
3b83d0 
@@ -869,7 +869,7 @@ incomplete_lsbs:
3b83d0 
 			cwords = br->consumed_words;
3b83d0 
 			words = br->words;
3b83d0 
 			ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
3b83d0 
-			b = br->buffer[cwords] << br->consumed_bits;
3b83d0 
+			b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
3b83d0 
 		} while(cwords >= words && val < end);
3b83d0 
 	}
3b83d0

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation