From d761c3967f3889e6490224a454ee855688fbcc5657f0eaac0df76e8ae7c432ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Tue, 4 Jul 2017 11:15:02 +0000
Subject: [PATCH] Accepting request 508079 from home:kstreitova:branches:multimedia:libs

- adjust libquicktime-1.2.4-integer_overflow.patch to prevent endless loop when there are less than 256 bytes to read [bsc#1022805] CVE-2016-2399
OBS-URL: https://build.opensuse.org/request/show/508079
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libquicktime?expand=0&rev=72
---
 libquicktime-1.2.4-integer_overflow.patch | 23 ++++++++++++++++-------
 libquicktime.changes | 7 +++++++
 2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/libquicktime-1.2.4-integer_overflow.patch b/libquicktime-1.2.4-integer_overflow.patch
index c5efc78..8f5664c 100644
--- a/libquicktime-1.2.4-integer_overflow.patch
+++ b/libquicktime-1.2.4-integer_overflow.patch
@@ -1,13 +1,22 @@
-Index: libquicktime-1.2.4/src/util.c
+Index: libquicktime/src/util.c
 ===================================================================
---- libquicktime-1.2.4.orig/src/util.c
-+++ libquicktime-1.2.4/src/util.c
-@@ -340,7 +340,7 @@ int64_t quicktime_byte_position(quicktim
+--- libquicktime.orig/src/util.c
++++ libquicktime/src/util.c
+@@ -376,9 +376,14 @@ int64_t quicktime_byte_position(quicktim
 void quicktime_read_pascal(quicktime_t *file, char *data)
 {
 - char len = quicktime_read_char(file);
-+ unsigned char len = quicktime_read_char(file);
- quicktime_read_data(file, (uint8_t*)data, len);
- data[(int)len] = 0;
+- quicktime_read_data(file, (uint8_t*)data, len);
+- data[(int)len] = 0;
++ int len = quicktime_read_char(file);
++ if ((len > 0) && (len < 256)) {
++ /* data[] is expected to be 256 bytes long */
++ quicktime_read_data(file, (uint8_t*)data, len);
++ data[len] = 0;
++ } else {
++ data[0] = 0;
++ }
 }
+
+ void quicktime_write_pascal(quicktime_t *file, char *data)
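Review bot: In the new body of `quicktime_read_pascal`, `int len = quicktime_read_char(file);` drops the `unsigned char` conversion that the previous revision of this patch applied. The definition of `quicktime_read_char` is not visible in this hunk, but if it hands back a plain `char` value, a length byte of 0x80–0xFF arrives negative on signed-char targets, fails `len > 0`, and the string comes back empty without its payload being consumed, so the next field is parsed from the middle of the string. Normalising the byte keeps the full 0..255 range and gives the `len < 256` bound something to test: `int len = (unsigned char)quicktime_read_char(file);`. Separately, the result of `quicktime_read_data` is ignored, so after a short read `data` can hold stale bytes in front of the terminator; checking it and falling back to `data[0] = 0` would close that, once its return convention is confirmed. The 256-byte buffer contract is stated only in the comment, so it is worth repeating in the function's header comment for callers.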
diff --git a/libquicktime.changes b/libquicktime.changes
index c745005..2a564dc 100644
--- a/libquicktime.changes
+++ b/libquicktime.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul 4 10:28:44 UTC 2017 - kstreitova@suse.com
+
+- adjust libquicktime-1.2.4-integer_overflow.patch to prevent
+ endless loop when there are less than 256 bytes to read
+ [bsc#1022805] CVE-2016-2399
+
 -------------------------------------------------------------------
 Fri Jun 23 21:58:19 UTC 2017 - kstreitova@suse.com