Gentoo's Bugzilla – Attachment 131163 Details for Bug 192834: media-libs/libsndfile-1.0.17 Heap-based buffer overflow in flac.c (CVE-2007-4974)
libsndfile-1.0.17-flac-buffer-overflow.patch (text/plain), 1.40 KB, created by Robert Buchholz (RETIRED) on 2007-09-17 16:54:31 UTC
>Index: libsndfile-1.0.17/src/flac.c >=================================================================== >--- libsndfile-1.0.17.orig/src/flac.c >+++ libsndfile-1.0.17/src/flac.c >@@ -57,7 +57,7 @@ flac_open (SF_PRIVATE *psf) > ** Private static functions. > */ > >-#define ENC_BUFFER_SIZE 4096 >+#define ENC_BUFFER_SIZE 8192 > > typedef enum > { PFLAC_PCM_SHORT = 0, >@@ -204,13 +204,24 @@ flac_buffer_copy (SF_PRIVATE *psf) > > if (pflac->ptr == NULL) > { /* >+ ** frame->header.blocksize is variable and we're using a constant blocksize >+ ** of FLAC__MAX_BLOCK_SIZE. >+ ** Check our assumptions here. >+ */ >+ if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE) >+ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ; >+ psf->error = SFE_INTERNAL ; >+ return 0 ; >+ } ; >+ >+ /* > ** Not sure why this code is here and not elsewhere. > ** Removing it causes valgrind errors. > */ > pflac->bufferbackup = SF_TRUE ; > for (i = 0 ; i < frame->header.channels ; i++) > { if (pflac->rbuffer [i] == NULL) >- pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ; >+ pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ; > memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ; > } ; > pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;
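Review bot: In the first hunk (src/flac.c, at the "Private static functions" block), ENC_BUFFER_SIZE is doubled from 4096 to 8192 with no comment saying what quantity bounds that size, so the new value reads as another magic number. Please add a comment stating what the buffer must be able to hold, or derive the constant from that quantity, so a reader can verify that 8192 is sufficient. The visible lines do not show where the buffer is written, so a bounds check at the point of use would be worth confirming as well.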
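Review bot: In the flac_buffer_copy hunk, the added psf_log_printf call passes four arguments (__func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) to a format string that contains only two %d conversions, so the first %d is matched against the __func__ string and the two sizes the message is meant to report are never printed. Either drop __func__ and __LINE__ from the argument list or add conversions for them at the start of the format. Separately, the result of calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) is still handed straight to memcpy; a NULL check before the copy would cover the allocation-failure path in the same block.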