
Contents of /updates/1/snack/current/SOURCES/tcl-snack-2.2.10-CVE-2012-6303-fix.patch



Revision 388135 - (show annotations) (download)
Mon Jan 14 22:25:09 2013 UTC (11 years, 9 months ago) by luigiwalser
File size: 778 byte(s)
add patch from fedora to fix CVE-2012-6303
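--- a/snack2.2.10/generic/jkSoundFile.c
+++ b/snack2.2.10/generic/jkSoundFile.c
@@ -1798,7 +1798,14 @@ static int
 GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf,
 int len)
 {
- int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+ int rlen;
+
+ if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
+ Tcl_AppendResult(interp, "Excessive header size", NULL);
+ return TCL_ERROR;
+ }
+
+ rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
 
 if (rlen < len - s->firstNRead){
 Tcl_AppendResult(interp, "Failed reading header bytes", NULL);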
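Review bot: The new guard in GetHeaderBytes bounds `len` only from above, and only against the larger of two constants, so on its own it does not show that the `Tcl_Read` into `&buf[s->firstNRead]` stays inside `buf`. A negative `len`, or an `s->firstNRead` greater than `len`, passes the check and makes the count `len - s->firstNRead` negative; the guard could reject those as well, e.g. `if (len < 0 || s->firstNRead > len || len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){`. Because `max()` selects the larger limit, a caller whose buffer is sized by the smaller constant would presumably still be overrun; the call sites are not visible here, so each one needs checking against the size of the buffer it passes (or the capacity should be passed in explicitly). The function body continues past the end of the hunk.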
