[vlc-commits] contrib: sidplay: Fix out of bound access

Hugo Beauzée-Luyssen git at videolan.org
Tue Apr 7 11:19:07 CEST 2020 

vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <hugo at beauzee.fr> | Fri Nov 22 14:29:06 2019 +0100| [5a9a71d6e954cc1ad5951310a7ac86e18fd1b2ce] | committer: Hugo Beauzée-Luyssen

contrib: sidplay: Fix out of bound access

(cherry picked from commit c3d48d1860914b8a3b11e5912c6ccf0044fcb213)
Signed-off-by: Hugo Beauzée-Luyssen <hugo at beauzee.fr>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=5a9a71d6e954cc1ad5951310a7ac86e18fd1b2ce
---

 contrib/src/sidplay2/rules.mak                   |  1 +
 contrib/src/sidplay2/sidplay2-fix-overflow.patch | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/contrib/src/sidplay2/rules.mak b/contrib/src/sidplay2/rules.mak
index 9888313732..8b30967fff 100644
--- a/contrib/src/sidplay2/rules.mak
+++ b/contrib/src/sidplay2/rules.mak
@@ -23,6 +23,7 @@ sidplay-libs: sidplay-libs-$(SID_VERSION).tar.gz .sum-sidplay2
 	$(APPLY) $(SRC)/sidplay2/sidplay2-smartprt.patch
 	$(APPLY) $(SRC)/sidplay2/sidplay2-noutils.patch
 	$(APPLY) $(SRC)/sidplay2/sidplay2-string.patch
+	$(APPLY) $(SRC)/sidplay2/sidplay2-fix-overflow.patch
 	$(MOVE)
 
 .sidplay2: sidplay-libs
diff --git a/contrib/src/sidplay2/sidplay2-fix-overflow.patch b/contrib/src/sidplay2/sidplay2-fix-overflow.patch
new file mode 100644
index 0000000000..03e366271f
--- /dev/null
+++ b/contrib/src/sidplay2/sidplay2-fix-overflow.patch
@@ -0,0 +1,14 @@
+--- sidplay-libs/libsidplay/src/sidtune/SidTune.cpp.old	2019-11-22 14:24:46.584743428 +0100
++++ sidplay-libs/libsidplay/src/sidtune/SidTune.cpp	2019-11-22 14:24:52.620740613 +0100
+@@ -554,6 +554,11 @@
+ bool SidTune::acceptSidTune(const char* dataFileName, const char* infoFileName,
+                             Buffer_sidtt<const uint_least8_t>& buf)
+ {
++    if( buf.len() < fileOffset)
++    {
++        info.statusString = SidTune::txt_corrupt;
++        return false;
++    }
+     // @FIXME@ - MUS
+     if ( info.numberOfInfoStrings == 3 )
+     {   // Add <?> (HVSC standard) to missing title, author, release fields

More information about the vlc-commits mailing list