rpms / libsndfile

Clone
Source Code
GIT

Blame SOURCES/libsndfile-1.0.29-cve2017_6892.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   8d8ca0fa72fe8588d1b4332330b414e63ea955b4
  2.   SOURCES
  3.   libsndfile-1.0.29-cve2017_6892.patch
Blob History Raw
327a27 
From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
327a27 
From: Erik de Castro Lopo <erikd@mega-nerd.com>
327a27 
Date: Tue, 23 May 2017 20:15:24 +1000
327a27 
Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
327a27
327a27 
Secunia Advisory SA76717.
327a27
327a27 
Found by: Laurent Delosieres, Secunia Research at Flexera Software
327a27 
---
327a27 
 src/aiff.c | 2 +-
327a27 
 1 file changed, 1 insertion(+), 1 deletion(-)
327a27
327a27 
diff --git a/src/aiff.c b/src/aiff.c
327a27 
index 5b5f9f53..45864b76 100644
327a27 
--- a/src/aiff.c
327a27 
+++ b/src/aiff.c
327a27 
@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
327a27 
 		psf_binheader_readf (psf, "j", dword - bytesread) ;
327a27
327a27 
 	if (map_info->channel_map != NULL)
327a27 
-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
327a27 
+	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
327a27
327a27 
 		free (psf->channel_map) ;
327a27

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation