| 1234567891011121314151617181920212223242526 |
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855099
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2399
- diff --git a/src/util.c b/src/util.c
- index d8dc3c3..9422fc5 100644
- --- a/src/util.c
- +++ b/src/util.c
- @@ -340,9 +340,14 @@ int64_t quicktime_byte_position(quicktime_t *file)
-
- void quicktime_read_pascal(quicktime_t *file, char *data)
- {
- - char len = quicktime_read_char(file);
- - quicktime_read_data(file, (uint8_t*)data, len);
- - data[(int)len] = 0;
- + int len = quicktime_read_char(file);
- + if ((len > 0) && (len < 256)) {
- + /* data[] is expected to be 256 bytes long */
- + quicktime_read_data(file, (uint8_t*)data, len);
- + data[len] = 0;
- + } else {
- + data[0] = 0;
- + }
- }
-
- void quicktime_write_pascal(quicktime_t *file, char *data)
|
