[SCM] libgig/master: debian/patches/CVE-2017-12952.diff: fix some crashes

piem at users.alioth.debian.org piem at users.alioth.debian.org
Tue Aug 29 13:29:48 UTC 2017 

The following commit has been merged in the master branch:
commit 7ca6d2ad105ac7d100354d0917c8a3e1fec4f1a6
Author: Paul Brossier <piem at piem.org>
Date:   Tue Aug 29 15:14:40 2017 +0200

    debian/patches/CVE-2017-12952.diff: fix some crashes

diff --git a/debian/patches/CVE-2017-12952.diff b/debian/patches/CVE-2017-12952.diff
new file mode 100644
index 0000000..0c34d44
--- /dev/null
+++ b/debian/patches/CVE-2017-12952.diff
@@ -0,0 +1,35 @@
+--- a/src/gig.cpp
++++ b/src/gig.cpp
+@@ -2967,7 +2967,7 @@
+             if (file->GetAutoLoad()) {
+                 for (uint i = 0; i < DimensionRegions; i++) {
+                     uint32_t wavepoolindex = _3lnk->ReadUint32();
+-                    if (file->pWavePoolTable) pDimensionRegions[i]->pSample = GetSampleFromWavePool(wavepoolindex);
++                    if (file->pWavePoolTable && pDimensionRegions[i]) pDimensionRegions[i]->pSample = GetSampleFromWavePool(wavepoolindex);
+                 }
+                 GetSample(); // load global region sample reference
+             }
+@@ -4441,7 +4441,9 @@
+         RegionList::iterator end  = pRegions->end();
+         for (; iter != end; ++iter) {
+             gig::Region* pRegion = static_cast<gig::Region*>(*iter);
+-            for (int iKey = pRegion->KeyRange.low; iKey <= pRegion->KeyRange.high; iKey++) {
++            int low = pRegion->KeyRange.low > 0 ? pRegion->KeyRange.low : 0;
++            int high = pRegion->KeyRange.high > 127 ? 127 : pRegion->KeyRange.high;
++            for (int iKey = low; iKey <= high; iKey++) {
+                 RegionKeyTable[iKey] = pRegion;
+             }
+         }
+--- a/src/helper.h
++++ b/src/helper.h
+@@ -142,6 +142,10 @@
+ inline void LoadString(RIFF::Chunk* ck, std::string& s) {
+     if (ck) {
+         const char* str = (char*)ck->LoadChunkData();
++        if (str == NULL) {
++          ck->ReleaseChunkData();
++          return;
++        }
+         int size = ck->GetSize();
+         int len;
+         for (len = 0 ; len < size ; len++)
diff --git a/debian/patches/series b/debian/patches/series
index fba3f90..4078684 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 02-manpages.patch
 04-spelling.patch
 05-fix-libdir.patch
+CVE-2017-12952.diff

-- 
libgig packaging

More information about the pkg-multimedia-commits mailing list