1 |
From a79ec216cd119069c68b8f3542c6a425a74ab993 Mon Sep 17 00:00:00 2001 |
2 |
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> |
3 |
Date: Tue, 31 Oct 2017 18:32:46 +0100 |
4 |
Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels |
5 |
|
6 |
Otherwise |
7 |
|
8 |
for(i=0;i<vi->channels;i++){ |
9 |
/* the encoder setup assumes that all the modes used by any |
10 |
specific bitrate tweaking use the same floor */ |
11 |
int submap=info->chmuxlist[i]; |
12 |
|
13 |
overreads later in mapping0_forward since chmuxlist is a fixed array of |
14 |
256 elements max. |
15 |
--- |
16 |
lib/info.c | 2 +- |
17 |
1 file changed, 1 insertion(+), 1 deletion(-) |
18 |
|
19 |
--- a/lib/info.c |
20 |
+++ b/lib/info.c |
21 |
@@ -578,7 +578,7 @@ int vorbis_analysis_headerout(vorbis_dsp |
22 |
oggpack_buffer opb; |
23 |
private_state *b=v->backend_state; |
24 |
|
25 |
- if(!b||vi->channels<=0){ |
26 |
+ if(!b||vi->channels<=0||vi->channels>256){ |
27 |
ret=OV_EFAULT; |
28 |
goto err_out; |
29 |
} |