Diffstat (limited to 'dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch')
-rw-r--r--dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch19
1 files changed, 19 insertions, 0 deletions
diff --git a/dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch b/dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch
new file mode 100644
index 000000000000..6326e8a48d04
--- /dev/null
+++ b/dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch
@@ -0,0 +1,19 @@
+diff -up snack2.2.10/generic/jkSoundFile.c.CVE20126303 snack2.2.10/generic/jkSoundFile.c
+--- snack2.2.10/generic/jkSoundFile.c.CVE20126303 2013-01-02 11:26:15.496231056 -0500
++++ snack2.2.10/generic/jkSoundFile.c 2013-01-02 11:27:26.134250662 -0500
+@@ -1798,7 +1798,14 @@ static int
+ GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf,
+ int len)
+ {
+- int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
++ int rlen;
++
++ if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
++ Tcl_AppendResult(interp, "Excessive header size", NULL);
++ return TCL_ERROR;
++ }
++
++ rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+
+ if (rlen < len - s->firstNRead){
+ Tcl_AppendResult(interp, "Failed reading header bytes", NULL);
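Review bot: The guard added at the top of GetHeaderBytes bounds `len` only from above, and against the larger of two constants, so it protects `buf` only if every caller passes a buffer of at least `max(CHANNEL_HEADER_BUFFER, HEADBUF)` bytes. The callers and the buffer allocation are not visible in this hunk, so that needs confirming against them; passing the real capacity of `buf` would be more robust. A negative `len` also passes the check and reaches `Tcl_Read` as a negative count, and `len` presumably comes from fields of the sound file, so I would write `if (len < 0 || len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){`. Whether `s->firstNRead` can exceed `len` is likewise not visible here and is worth checking, since `len - s->firstNRead` is passed on unvalidated. A short comment above the check, such as `/* len is derived from file contents; never read past the header buffer */`, would record why it exists; the function body continues outside the hunk.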