blob: 526cc17e494c3525d56e16bbd21455e2bc84e68b (
plain)
1 From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
2 From: Erik de Castro Lopo <erikd@mega-nerd.com>
3 Date: Tue, 23 May 2017 20:15:24 +1000
4 Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
5
6 Secunia Advisory SA76717.
7
8 Found by: Laurent Delosieres, Secunia Research at Flexera Software
9 ---
10 src/aiff.c | 2 +-
11 1 file changed, 1 insertion(+), 1 deletion(-)
12
13 --- a/src/aiff.c
14 +++ b/src/aiff.c
15 @@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, uns
16 psf_binheader_readf (psf, "j", dword - bytesread) ;
17
18 if (map_info->channel_map != NULL)
19 - { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
20 + { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
21
22 free (psf->channel_map) ;
23
|
