- correct fix for CVE-2009-3995 [bnc#625547]

OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libmikmod?expand=0&rev=10
Pavol Rusnak 2010-08-25 13:29:12 +00:00 committed by Git OBS Bridge
parent fab5fbcdb8
commit e84a906a5e
2 changed files with 23 additions and 12 deletions


@ -2,18 +2,24 @@ Index: loaders/load_it.c
===================================================================
--- loaders/load_it.c.orig
+++ loaders/load_it.c
@@ -862,6 +862,11 @@ BOOL IT_Load(BOOL curious)
#endif
IT_ProcessEnvelope(vol);
+
+ // Secunia SA37775
+ if (ih.volpts>= ENVPOINTS)
+ ih.volpts = ENVPOINTS-1;
+
for(u=0;u<ih.volpts;u++)
d->volenv[u].val=(ih.volnode[u]<<2);
@@ -747,6 +747,8 @@ BOOL IT_Load(BOOL curious)
ih. name##end =_mm_read_UBYTE(modreader); \
ih. name##susbeg=_mm_read_UBYTE(modreader); \
ih. name##susend=_mm_read_UBYTE(modreader); \
+ if (ih. name##pts>= ITENVCNT) \
+ ih. name##pts = ITENVCNT-1; \
for(lp=0;lp<ITENVCNT;lp++) { \
ih. name##node[lp]=_mm_read_##type (modreader); \
ih. name##tick[lp]=_mm_read_I_UWORD(modreader); \
@@ -760,6 +762,8 @@ BOOL IT_Load(BOOL curious)
ih. name/**/end =_mm_read_UBYTE(modreader); \
ih. name/**/susbeg=_mm_read_UBYTE(modreader); \
ih. name/**/susend=_mm_read_UBYTE(modreader); \
+ if (ih. name/**/pts>= ITENVCNT) \
+ ih. name/**/pts = ITENVCNT-1; \
for(lp=0;lp<ITENVCNT;lp++) { \
ih. name/**/node[lp]=_mm_read_/**/type (modreader); \
ih. name/**/tick[lp]=_mm_read_I_UWORD(modreader); \
Index: loaders/load_ult.c
===================================================================
--- loaders/load_ult.c.orig
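Review bot: The added clamps treat a point count as if it were an index: `ih.volpts` is an exclusive bound in `for(u=0;u<ih.volpts;u++)`, and the loader macros fill `node[lp]` and `tick[lp]` for every `lp<ITENVCNT`, so a file declaring exactly ITENVCNT points is cut to one fewer although that value stays in bounds for those arrays. If `d->volenv` likewise holds ENVPOINTS entries (its declaration is outside this view), `if (ih.volpts > ENVPOINTS) ih.volpts = ENVPOINTS;` and `if (ih. name##pts > ITENVCNT) ih. name##pts = ITENVCNT;` keep the overflow protection without dropping the last envelope point. The Secunia SA37775 check also sits after `IT_ProcessEnvelope(vol)`, so whatever that macro does with `ih.volpts` relies on the read-time clamp alone; placing the check above the macro call would cover both uses. The body of IT_Load and both macro definitions continue outside these hunks, so the array sizes should be confirmed there before changing the bounds.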


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed Aug 25 13:26:22 UTC 2010 - prusnak@opensuse.org
- correct fix for CVE-2009-3995 [bnc#625547]
-------------------------------------------------------------------
Fri Apr 23 01:29:56 CEST 2010 - prusnak@suse.cz