[vlc-commits] contrib: sidplay: Fix out of bound access
Hugo Beauzée-Luyssen
git at videolan.org
Tue Apr 7 11:16:10 CEST 2020
vlc | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Fri Nov 22 14:29:06 2019 +0100| [c3d48d1860914b8a3b11e5912c6ccf0044fcb213] | committer: Hugo Beauzée-Luyssen
contrib: sidplay: Fix out of bound access
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c3d48d1860914b8a3b11e5912c6ccf0044fcb213
---
contrib/src/sidplay2/rules.mak | 1 +
contrib/src/sidplay2/sidplay2-fix-overflow.patch | 14 ++++++++++++++
2 files changed, 15 insertions(+)
diff --git a/contrib/src/sidplay2/rules.mak b/contrib/src/sidplay2/rules.mak
index de77935774..0a303363db 100644
--- a/contrib/src/sidplay2/rules.mak
+++ b/contrib/src/sidplay2/rules.mak
@@ -26,6 +26,7 @@ sidplay-libs: sidplay-libs-$(SID_VERSION).tar.gz .sum-sidplay2
$(APPLY) $(SRC)/sidplay2/sidplay-fix-ln-s.patch
$(APPLY) $(SRC)/sidplay2/sidplay2-resid-dependency.patch
$(APPLY) $(SRC)/sidplay2/sidplay2-char-cast.patch
+ $(APPLY) $(SRC)/sidplay2/sidplay2-fix-overflow.patch
$(MOVE)
.sidplay2: sidplay-libs
diff --git a/contrib/src/sidplay2/sidplay2-fix-overflow.patch b/contrib/src/sidplay2/sidplay2-fix-overflow.patch
new file mode 100644
index 0000000000..03e366271f
--- /dev/null
+++ b/contrib/src/sidplay2/sidplay2-fix-overflow.patch
@@ -0,0 +1,14 @@
+--- sidplay-libs/libsidplay/src/sidtune/SidTune.cpp.old 2019-11-22 14:24:46.584743428 +0100
++++ sidplay-libs/libsidplay/src/sidtune/SidTune.cpp 2019-11-22 14:24:52.620740613 +0100
+@@ -554,6 +554,11 @@
+ bool SidTune::acceptSidTune(const char* dataFileName, const char* infoFileName,
+ Buffer_sidtt<const uint_least8_t>& buf)
+ {
++ if( buf.len() < fileOffset)
++ {
++ info.statusString = SidTune::txt_corrupt;
++ return false;
++ }
+ // @FIXME@ - MUS
+ if ( info.numberOfInfoStrings == 3 )
+ { // Add <?> (HVSC standard) to missing title, author, release fields
More information about the vlc-commits
mailing list