[vlc-devel] commit: Fix for [oCERT-2008-004] multiple speex implementations insufficient boundary checks. Patch by Eren Türkay ( Jean-Baptiste Kempf )
git version control
git at videolan.org
Thu Apr 17 20:18:54 CEST 2008
vlc | branch: master | Jean-Baptiste Kempf <jb at videolan.org> | Thu Apr 17 11:19:35 2008 -0700| [8060b3457e20e6223b70927693f8da8f547b8fef]
Fix for [oCERT-2008-004] multiple speex implementations insufficient boundary checks. Patch by Eren Türkay
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=8060b3457e20e6223b70927693f8da8f547b8fef
---
THANKS | 1 +
modules/codec/speex.c | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/THANKS b/THANKS
index f32bb99..56b9cad 100644
--- a/THANKS
+++ b/THANKS
@@ -78,6 +78,7 @@ Dylan Yudaken <dyudaken -- gmail # com> - hotkeys patch
Emmanuel Blindauer <manu at agat.net> - aRts audio output
Enrico Gueli <e_gueli at yahoo.it> - Brightness threshold in adjust video filter
Enrique Osuna <enrique.osuna at gmail.com> - Various bug fixes in libvlc. Major Mac OS X Framework improvements.
+Eren Türkay <turkay dot eren \a/ gmail point com> - Speex boundary checks and security fix
Espen Skoglund <esk at ira.uka.de> - FreeBSD autoconf and Makefile patches
Ethan C. Baldridge <BaldridgeE at cadmus.com> - directory browsing code
Eurodata Computer Club <retron.info> - VLC icon design (v0.8.4)
diff --git a/modules/codec/speex.c b/modules/codec/speex.c
index d563245..83890bb 100644
--- a/modules/codec/speex.c
+++ b/modules/codec/speex.c
@@ -357,7 +357,7 @@ static int ProcessInitialHeader( decoder_t *p_dec, ogg_packet *p_oggpacket )
msg_Err( p_dec, "cannot read Speex header" );
return VLC_EGENERIC;
}
- if( p_header->mode >= SPEEX_NB_MODES )
+ if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 )
{
msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in "
"this version of libspeex.", p_header->mode );
More information about the vlc-devel
mailing list