rpm/wavpack
SHA256
1
0
Fork 0
forked from pool/wavpack
Code Pull Requests Activity
bb72a1aabf
wavpack/CVE-2018-19841.patch
Tomáš Chvátal b4255ab79f Accepting request 663469 from home:sbrabec:branches:multimedia:libs 
- Fix denial-of-service (resource exhaustion caused by an infinite
  loop; bsc#1120930, CVE-2018-19840, CVE-2018-19840.patch).
- Fix denial-of-service (out-of-bounds read and application crash;
  bsc#1120929, CVE-2018-19841, CVE-2018-19841.patch).

OBS-URL: https://build.opensuse.org/request/show/663469
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/wavpack?expand=0&rev=24
2019-01-08 08:02:37 +00:00

33 lines
1.2 KiB
Diff
Raw Blame History

From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Thu, 29 Nov 2018 21:53:51 -0800
Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
---
src/open_utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/open_utils.c b/src/open_utils.c
index 80051fc..4fe0d67 100644
--- a/src/open_utils.c
+++ b/src/open_utils.c
@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
#endif
if (meta_bc == 4) {
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
return FALSE;
}
else {
csum ^= csum >> 16;
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
return FALSE;
}
--
2.20.1
View Git Blame Copy Permalink