diff options
author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-12-07 17:56:36 +0000 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-12-07 17:56:36 +0000 |
commit | dd008a31d9cc9a1d02bfc848b8321758ac92d2d8 (patch) | |
tree | 6f6d4be5a27475f17a114317c56ec9e1ce924615 /user/vlc/CVE-2018-19857.patch | |
parent | ec1cf0486df9bd9e39a20c7f18216f7d89426566 (diff) | |
download | packages-dd008a31d9cc9a1d02bfc848b8321758ac92d2d8.tar.gz packages-dd008a31d9cc9a1d02bfc848b8321758ac92d2d8.tar.bz2 packages-dd008a31d9cc9a1d02bfc848b8321758ac92d2d8.tar.xz packages-dd008a31d9cc9a1d02bfc848b8321758ac92d2d8.zip |
user/vlc: sec fix for CVE-2018-19857
Diffstat (limited to 'user/vlc/CVE-2018-19857.patch')
-rw-r--r-- | user/vlc/CVE-2018-19857.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/user/vlc/CVE-2018-19857.patch b/user/vlc/CVE-2018-19857.patch new file mode 100644 index 000000000..a65dcef20 --- /dev/null +++ b/user/vlc/CVE-2018-19857.patch @@ -0,0 +1,34 @@ +From 0cc5ea748ee5ff7705dde61ab15dff8f58be39d0 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= <remi@remlab.net> +Date: Sat, 1 Dec 2018 23:32:18 +0200 +Subject: [PATCH] caf: fix integer underflow + +Pointed-out-by: Hans Jerry Illikainen <hji@dyntopia.com> +--- + modules/demux/caf.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/modules/demux/caf.c b/modules/demux/caf.c +index cc312a5a30..39b381f963 100644 +--- a/modules/demux/caf.c ++++ b/modules/demux/caf.c +@@ -691,14 +691,13 @@ static int ReadKukiChunk( demux_t *p_demux, uint64_t i_size ) + demux_sys_t *p_sys = p_demux->p_sys; + const uint8_t *p_peek; + +- /* vlc_stream_Peek can't handle sizes bigger than INT32_MAX, and also p_sys->fmt.i_extra is of type 'int'*/ +- if( i_size > INT32_MAX ) ++ if( i_size > SSIZE_MAX ) + { + msg_Err( p_demux, "Magic Cookie chunk too big" ); + return VLC_EGENERIC; + } + +- if( (unsigned int)vlc_stream_Peek( p_demux->s, &p_peek, (int)i_size ) < i_size ) ++ if( vlc_stream_Peek( p_demux->s, &p_peek, i_size ) < (ssize_t)i_size ) + { + msg_Err( p_demux, "Couldn't peek extra data" ); + return VLC_EGENERIC; +-- +2.11.0 + |