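diff -up snack2.2.10/generic/jkSoundFile.c.CVE20126303 snack2.2.10/generic/jkSoundFile.c
--- snack2.2.10/generic/jkSoundFile.c.CVE20126303 2013-01-02 11:26:15.496231056 -0500
+++ snack2.2.10/generic/jkSoundFile.c 2013-01-02 11:27:26.134250662 -0500
@@ -1798,7 +1798,14 @@ static int
 GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf,
 int len)
 {
- int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+ int rlen;
+
+ if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
+ Tcl_AppendResult(interp, "Excessive header size", NULL);
+ return TCL_ERROR;
+ }
+
+ rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
 
 if (rlen < len - s->firstNRead){
 Tcl_AppendResult(interp, "Failed reading header bytes", NULL);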
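Review bot: The new guard caps `len` only from above, and it compares against the larger of two buffer sizes rather than the capacity of the buffer actually passed as `buf`. The call sites are not visible in this hunk, but if any caller passes the smaller of the two buffers, a `len` between the two constants still lets `Tcl_Read` write past its end. Passing the buffer's capacity as a parameter would make the bound exact. A negative `len`, or one below `s->firstNRead`, also passes the check and makes the count handed to `Tcl_Read` negative, so the condition should probably read `if (len < s->firstNRead || len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){`. The body of GetHeaderBytes continues past the end of the hunk.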