gst/modplug/libmodplug/sndfile.cpp: Fix potential buffer overflow (CVE-2006-4192...

author Tim-Philipp Müller <tim@centricular.net>

Thu, 14 Dec 2006 15:45:56 +0000 (15:45 +0000)

committer Tim-Philipp Müller <tim@centricular.net>

Thu, 14 Dec 2006 15:45:56 +0000 (15:45 +0000)
author Tim-Philipp Müller <tim@centricular.net>
Thu, 14 Dec 2006 15:45:56 +0000 (15:45 +0000)
committer Tim-Philipp Müller <tim@centricular.net>
Thu, 14 Dec 2006 15:45:56 +0000 (15:45 +0000)
diff --git a/ChangeLog b/ChangeLog

index 68dcd4f..1036784 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-12-14  Tim-Philipp Müller  <tim at centricular dot net>
+
+       * gst/modplug/libmodplug/sndfile.cpp:
+         Fix potential buffer overflow (CVE-2006-4192) (#385788).
+
  2006-12-13  Wim Taymans  <wim@fluendo.com>
  
         * gst/qtdemux/qtdemux.c: (gst_qtdemux_get_duration),
diff --git a/gst/modplug/libmodplug/sndfile.cpp b/gst/modplug/libmodplug/sndfile.cpp

index 5dc1417..23eeac7 100644 (file)
--- a/gst/modplug/libmodplug/sndfile.cpp
+++ b/gst/modplug/libmodplug/sndfile.cpp
@@ -1081,7 +1081,7 @@ UINT CSoundFile::ReadSample(MODINSTRUMENT *pIns, UINT nFlags, LPCSTR lpMemFile,
  {
         UINT len = 0, mem = pIns->nLength+6;
  
-       if ((!pIns) || (pIns->nLength < 4) || (!lpMemFile)) return 0;
+       if ((!pIns) || ((int)pIns->nLength < 4) || (!lpMemFile)) return 0;
         if (pIns->nLength > MAX_SAMPLE_LENGTH) pIns->nLength = MAX_SAMPLE_LENGTH;
         pIns->uFlags &= ~(CHN_16BIT|CHN_STEREO);
         if (nFlags & RSF_16BIT)
author	Tim-Philipp Müller <tim@centricular.net>
	Thu, 14 Dec 2006 15:45:56 +0000 (15:45 +0000)
committer	Tim-Philipp Müller <tim@centricular.net>
	Thu, 14 Dec 2006 15:45:56 +0000 (15:45 +0000)
ChangeLog		patch \| blob \| history
gst/modplug/libmodplug/sndfile.cpp		patch \| blob \| history