[vlc-commits] asf: Fix out of bound read
Hugo Beauzée-Luyssen
git at videolan.org
Wed Aug 14 18:13:31 CEST 2019
vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Wed Aug 7 17:36:37 2019 +0200| [fdbdd677c1e6262f31771b0ba10afb24aabf108c] | committer: Hugo Beauzée-Luyssen
asf: Fix out of bound read
p_data is already offset by 64 bytes, so we need to propagate that
offset to the boundary check
CVE-2019-14776
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=fdbdd677c1e6262f31771b0ba10afb24aabf108c
---
modules/demux/asf/asf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/demux/asf/asf.c b/modules/demux/asf/asf.c
index 9dd30eb462..441d9ec7e4 100644
--- a/modules/demux/asf/asf.c
+++ b/modules/demux/asf/asf.c
@@ -1105,7 +1105,7 @@ static int DemuxInit( demux_t *p_demux )
{
GET_CHECKED( fmt.i_extra, __MIN( GetWLE( &p_data[16] ),
p_sp->i_type_specific_data_length -
- sizeof( WAVEFORMATEX ) ),
+ sizeof( WAVEFORMATEX ) - 64),
INT_MAX, uint32_t );
fmt.p_extra = malloc( fmt.i_extra );
if ( fmt.p_extra )
More information about the vlc-commits
mailing list