all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
blob 03afaccc67006756b5e0cc3555634d1981fd38c7 1031 bytes (raw)
name: gnu/packages/patches/mpg321-CVE-2019-14247.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

 
This patch was downloaded from https://sourceforge.net/p/mpg321/bugs/51/ and
fixes CVE-2019-14247.

Description: Handle illegal bitrate value
Author: Chrysostomos Nanakos <cnanakos@debian.org>
Bug-Debian: https://bugs.debian.org/870406
Bug-Debian: https://bugs.debian.org/887057

--- mpg321-0.3.2.orig/mad.c
+++ mpg321-0.3.2/mad.c
@@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len,
 
     if (!is_vbr)
     {
+	if (header.bitrate <= 0)                                                
+        {                                                                       
+            fprintf(stderr, "Illegal bit allocation value\n");                                                                              
+            return;                                                             
+        }    
+
         double time = (len * 8.0) / (header.bitrate); /* time in seconds */
         double timefrac = (double)time - ((long)(time));
         long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */

debug log:

solving 03afaccc67 ...
found 03afaccc67 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.