From: Erik de Castro Lopo Date: Tue, 18 Nov 2014 15:20:25 +0000 (-0800) Subject: src/libFLAC/stream_decoder.c : Fix buffer read overflow. X-Git-Tag: accepted/tizen/5.5/unified/20191031.005857^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen_8.0;p=platform%2Fupstream%2Fflac.git src/libFLAC/stream_decoder.c : Fix buffer read overflow. This is CVE-2014-8962. Reported-by: Michele Spagnuolo, Google Security Team https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e Change-Id: Ic9d1d567bd31323a6a9fce92e4acb0d1b60ce14e --- diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c index f987c27..6bc6407 100644 --- a/src/libFLAC/stream_decoder.c +++ b/src/libFLAC/stream_decoder.c @@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC = * ***********************************************************************/ -static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; +static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' }; /*********************************************************************** * @@ -1365,6 +1365,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder) id = 0; continue; } + + if(id >= 3) + return false; + if(x == ID3V2_TAG_[id]) { id++; i = 0;