Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/libsndfile/patches/CVE-2014-9496.patch
branchs11u3-sru
changeset 7938 e5a7b6f8f14c
parent 7937 20e6442c6cee
child 7942 ddce1f13af96 
--- a/components/libsndfile/patches/CVE-2014-9496.patch	Fri Apr 21 10:43:44 2017 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-Fix two potential buffer read overflows.
-
-Upstream bug report:
-https://github.com/erikd/libsndfile/issues/93
-
-Upstream fix:
-https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
-
---- libsndfile-1.0.23/src/sd2.c.orig	2015-01-07 13:06:58.205315569 -0800
-+++ libsndfile-1.0.23/src/sd2.c	2015-01-07 13:15:21.501444431 -0800
-@@ -496,6 +496,11 @@
- 
- 	rsrc.type_offset = rsrc.map_offset + 30 ;
- 
-+	if (rsrc.map_offset + 28 > rsrc.rsrc_len)
-+	{	psf_log_printf (psf, "Bad map offset.\n") ;
-+		goto parse_rsrc_fork_cleanup ;
-+		} ;
-+
- 	rsrc.type_count = read_short (rsrc.rsrc_data, rsrc.map_offset + 28) + 1 ;
- 	if (rsrc.type_count < 1)
- 	{	psf_log_printf (psf, "Bad type count.\n") ;
-@@ -512,7 +517,12 @@
- 
- 	rsrc.str_index = -1 ;
- 	for (k = 0 ; k < rsrc.type_count ; k ++)
--	{	marker = read_marker (rsrc.rsrc_data, rsrc.type_offset + k * 8) ;
-+	{	if (rsrc.type_offset + k * 8 > rsrc.rsrc_len)
-+		{	psf_log_printf (psf, "Bad rsrc marker.\n") ;
-+			goto parse_rsrc_fork_cleanup ;
-+			} ;
-+
-+		marker = read_marker (rsrc.rsrc_data, rsrc.type_offset + k * 8) ;
- 
- 		if (marker == STR_MARKER)
- 		{	rsrc.str_index = k ;
upstream/oracle/userland-gate