diff options
Diffstat (limited to 'media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch')
-rw-r--r-- | media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch b/media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch new file mode 100644 index 000000000000..11344d3946af --- /dev/null +++ b/media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch @@ -0,0 +1,15 @@ +Description: fix heap-based buffer over-read. +Origin: upstream, commit: d2b032452241708bee68d02aa02092cfbfba951a +Author: Christian Grothoff <christian@grothoff.org> + +--- a/src/plugins/dvi_extractor.c ++++ b/src/plugins/dvi_extractor.c +@@ -182,6 +182,8 @@ + size = ec->get_size (ec->cls); + if (size > 16 * 1024 * 1024) + return; /* too large */ ++ if (klen + 15 > size) ++ return; /* malformed klen */ + if (NULL == (data = malloc ((size_t) size))) + return; /* out of memory */ + memcpy (data, buf, iret); |