Diffstat (limited to 'dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch')
-rw-r--r-- | dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch b/dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch
new file mode 100644
index 000000000000..6326e8a48d04
--- /dev/null
+++ b/dev-tcltk/snack/files/snack-2.2.10-CVE-2012-6303-fix.patch
@@ -0,0 +1,19 @@
+diff -up snack2.2.10/generic/jkSoundFile.c.CVE20126303 snack2.2.10/generic/jkSoundFile.c
+--- snack2.2.10/generic/jkSoundFile.c.CVE20126303 2013-01-02 11:26:15.496231056 -0500
++++ snack2.2.10/generic/jkSoundFile.c 2013-01-02 11:27:26.134250662 -0500
+@@ -1798,7 +1798,14 @@ static int
+ GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf,
+ int len)
+ {
+- int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
++ int rlen;
++
++ if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
++ Tcl_AppendResult(interp, "Excessive header size", NULL);
++ return TCL_ERROR;
++ }
++
++ rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+
+ if (rlen < len - s->firstNRead){
+ Tcl_AppendResult(interp, "Failed reading header bytes", NULL); |
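Review bot: The guard added at the top of GetHeaderBytes bounds `len` by `max(CHANNEL_HEADER_BUFFER, HEADBUF)` rather than by the capacity of the `buf` the caller actually passed. If any caller supplies a buffer of the smaller of the two sizes (callers are not visible here, so this needs confirming), a `len` between the two values still lets Tcl_Read write past the end of that buffer. The check also accepts a negative `len`; tightening it to `if (len < 0 || len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){` would cover that, and the relation between `s->firstNRead` and `len` is worth confirming as well, since `len - s->firstNRead` is passed on unchecked. The function body continues past the end of the hunk, and a comment such as `/* len is taken from the file header and is untrusted; it must not exceed the caller's buffer */` above the check would record why it exists.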