Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.1:Rings:1-MinimalX
wavpack
CVE-2018-7253.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-7253.patch of Package wavpack
From 36a24c7881427d2e1e4dc1cef58f19eee0d13aec Mon Sep 17 00:00:00 2001 From: David Bryant <david@wavpack.com> Date: Sat, 10 Feb 2018 16:01:39 -0800 Subject: [PATCH] issue #28, do not overwrite heap on corrupt DSDIFF file Upstream: merged --- cli/dsdiff.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/cli/dsdiff.c b/cli/dsdiff.c index 410dc1c..c016df9 100644 --- a/cli/dsdiff.c +++ b/cli/dsdiff.c @@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa error_line ("dsdiff file version = 0x%08x", version); } else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) { - char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); + char *prop_chunk; + + if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) { + error_line ("%s is not a valid .DFF file!", infilename); + return WAVPACK_SOFT_ERROR; + } + + if (debug_logging_mode) + error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize); + + prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) || bcount != dff_chunk_header.ckDataSize) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor