mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-28 10:02:43 +01:00
51604f3095
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
35 lines
738 B
Diff
35 lines
738 B
Diff
Description: Fix buffer overflow causing an invalid pointer free().
|
|
Author: Guillem Jover <guillem@debian.org>
|
|
Origin: vendor
|
|
Bug-Debian: https://bugs.debian.org/774015
|
|
Forwarded: no
|
|
Last-Update: 2015-02-26
|
|
|
|
---
|
|
decode.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
--- a/decode.c
|
|
+++ b/decode.c
|
|
@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
|
|
if(i==i_special)
|
|
{
|
|
c=getbits(2);
|
|
- while(--c>=0)
|
|
+ while(--c>=0&&i<nn)
|
|
pt_len[i++]=0;
|
|
}
|
|
}
|
|
@@ -314,10 +314,10 @@ void read_c_len()
|
|
c=getbits(CBIT);
|
|
c+=20;
|
|
}
|
|
- while(--c>=0)
|
|
+ while(--c>=0&&i<NC)
|
|
c_len[i++]=0;
|
|
}
|
|
- else
|
|
+ else if (i<NC)
|
|
c_len[i++]=(unsigned char)(c-2);
|
|
}
|
|
while(i<NC)
|