repo/testing/wavpack/patches/CVE-2018-19841.patch
2019-07-23 11:04:56 +07:00

30 lines
1.1 KiB
Diff

From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Thu, 29 Nov 2018 21:53:51 -0800
Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
---
src/open_utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/open_utils.c b/src/open_utils.c
index 80051fc..4fe0d67 100644
--- a/src/open_utils.c
+++ b/src/open_utils.c
@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
#endif
if (meta_bc == 4) {
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
return FALSE;
}
else {
csum ^= csum >> 16;
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
return FALSE;
}