26 lines
801 B
Diff
26 lines
801 B
Diff
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
|
||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
|
||
|
|
||
|
diff --git a/src/util.c b/src/util.c
|
||
|
index d8dc3c3..9422fc5 100644
|
||
|
--- a/src/util.c
|
||
|
+++ b/src/util.c
|
||
|
@@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
|
||
|
|
||
|
void quicktime_read_pascal(quicktime_t *file, char *data)
|
||
|
{
|
||
|
- char len = quicktime_read_char(file);
|
||
|
- quicktime_read_data(file, (uint8_t*)data, len);
|
||
|
- data[(int)len] = 0;
|
||
|
+ int len = quicktime_read_char(file);
|
||
|
+ if ((len > 0) && (len < 256)) {
|
||
|
+ /* data[] is expected to be 256 bytes long */
|
||
|
+ quicktime_read_data(file, (uint8_t*)data, len);
|
||
|
+ data[len] = 0;
|
||
|
+ } else {
|
||
|
+ data[0] = 0;
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
void quicktime_write_pascal(quicktime_t *file, char *data)
|