blob: 3402e57373f49754fefd420fdda67acd7d99026e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From: Wolfram Sang <w.sang@pengutronix.de>
Date: Wed, 21 Nov 2012 18:59:12 +0100
Subject: [PATCH] libmikmod: apply patch for CVE-2010-2971
Signed-off-by: Chris Larson <chris_larson@mentor.com>
Taken from OpenEmbedded (4880cfd0217466c737c14f5fe7687baa0a01c00d)
Signed-off-by: Wolfram Sang <w.sang@pengutronix.de>
---
loaders/load_it.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/loaders/load_it.c b/loaders/load_it.c
index de40bb6..ca82613 100644
--- a/loaders/load_it.c
+++ b/loaders/load_it.c
@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious)
#define IT_LoadEnvelope(name,type) \
ih. name##flg =_mm_read_UBYTE(modreader); \
ih. name##pts =_mm_read_UBYTE(modreader); \
+ if (ih. name##pts > ITENVCNT) \
+ ih. name##pts = ITENVCNT; \
ih. name##beg =_mm_read_UBYTE(modreader); \
ih. name##end =_mm_read_UBYTE(modreader); \
ih. name##susbeg=_mm_read_UBYTE(modreader); \
@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious)
#define IT_LoadEnvelope(name,type) \
ih. name/**/flg =_mm_read_UBYTE(modreader); \
ih. name/**/pts =_mm_read_UBYTE(modreader); \
+ if (ih. name/**/pts > ITENVCNT) \
+ ih. name/**/pts = ITENVCNT; \
ih. name/**/beg =_mm_read_UBYTE(modreader); \
ih. name/**/end =_mm_read_UBYTE(modreader); \
ih. name/**/susbeg=_mm_read_UBYTE(modreader); \
|