Takashi Iwai
55ab37e051
- A couple of security fixes:
* flac-fix-CVE-2014-8962.patch:
arbitrary code execution by a stack overflow (CVE-2014-8692,
bnc#906831)
* flac-fix-CVE-2014-9028.patch:
Heap overflow via specially crafted .flac files (CVE-2014-9028,
bnc#907016)
OBS-URL: https://build.opensuse.org/request/show/263117
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/flac?expand=0&rev=41
36 lines
1.0 KiB
Diff
36 lines
1.0 KiB
Diff
From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001
|
|
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
|
Date: Tue, 18 Nov 2014 07:20:25 -0800
|
|
Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow.
|
|
|
|
This is CVE-2014-8962.
|
|
|
|
Reported-by: Michele Spagnuolo,
|
|
Google Security Team <mikispag@google.com>
|
|
---
|
|
src/libFLAC/stream_decoder.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
--- a/src/libFLAC/stream_decoder.c
|
|
+++ b/src/libFLAC/stream_decoder.c
|
|
@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC
|
|
*
|
|
***********************************************************************/
|
|
|
|
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
|
|
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
|
|
|
|
/***********************************************************************
|
|
*
|
|
@@ -1381,6 +1381,10 @@ FLAC__bool find_metadata_(FLAC__StreamDe
|
|
id = 0;
|
|
continue;
|
|
}
|
|
+
|
|
+ if(id >= 3)
|
|
+ return false;
|
|
+
|
|
if(x == ID3V2_TAG_[id]) {
|
|
id++;
|
|
i = 0;
|