[SCM] libquicktime/master: Fix integer overflow in the quicktime_read_pascal function (CVE-2016-2399)
rbalint at users.alioth.debian.org
rbalint at users.alioth.debian.org
Mon Feb 27 22:54:39 UTC 2017
The following commit has been merged in the master branch:
commit f6bb364af6a2bc65eab832614afb578c5740a0cc
Author: Balint Reczey <balint at balintreczey.hu>
Date: Mon Feb 27 23:13:47 2017 +0100
Fix integer overflow in the quicktime_read_pascal function (CVE-2016-2399)
Closes: #855099
diff --git a/debian/patches/CVE-2016-2399.patch b/debian/patches/CVE-2016-2399.patch
new file mode 100644
index 0000000..dfa8180
--- /dev/null
+++ b/debian/patches/CVE-2016-2399.patch
@@ -0,0 +1,22 @@
+diff --git a/src/util.c b/src/util.c
+index d8dc3c3..9422fc5 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
+
+ void quicktime_read_pascal(quicktime_t *file, char *data)
+ {
+- char len = quicktime_read_char(file);
+- quicktime_read_data(file, (uint8_t*)data, len);
+- data[(int)len] = 0;
++ int len = quicktime_read_char(file);
++ if ((len > 0) && (len < 256)) {
++ /* data[] is expected to be 256 bytes long */
++ quicktime_read_data(file, (uint8_t*)data, len);
++ data[len] = 0;
++ } else {
++ data[0] = 0;
++ }
+ }
+
+ void quicktime_write_pascal(quicktime_t *file, char *data)
diff --git a/debian/patches/series b/debian/patches/series
index 078889d..2f95641 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
11-path_max.patch
libav10.patch
ffmpeg_2.9.patch
+CVE-2016-2399.patch
--
libquicktime packaging
More information about the pkg-multimedia-commits
mailing list