[vlc-commits] asf: Fix out of bound read
Hugo Beauzée-Luyssen
git at videolan.org
Wed Aug 14 18:24:32 CEST 2019
vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Wed Aug 7 17:36:37 2019 +0200| [4d262af8da7d479cbf57461e01ccd19281579633] | committer: Hugo Beauzée-Luyssen
asf: Fix out of bound read
p_data is already offset by 64 bytes, so we need to propagate that
offset to the boundary check
CVE-2019-14776
(cherry picked from commit fdbdd677c1e6262f31771b0ba10afb24aabf108c)
Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=4d262af8da7d479cbf57461e01ccd19281579633
---
modules/demux/asf/asf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/demux/asf/asf.c b/modules/demux/asf/asf.c
index 22e60194d3..a05ebe825b 100644
--- a/modules/demux/asf/asf.c
+++ b/modules/demux/asf/asf.c
@@ -1102,7 +1102,7 @@ static int DemuxInit( demux_t *p_demux )
{
GET_CHECKED( fmt.i_extra, __MIN( GetWLE( &p_data[16] ),
p_sp->i_type_specific_data_length -
- sizeof( WAVEFORMATEX ) ),
+ sizeof( WAVEFORMATEX ) - 64),
INT_MAX, uint32_t );
fmt.p_extra = malloc( fmt.i_extra );
if ( fmt.p_extra )
More information about the vlc-commits
mailing list