]> git.sesse.net Git - vlc/commit
projects / vlc / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9512f7d) | patch
wav: fix integer overflow (CVE-2008-2430)
authorRémi Denis-Courmont <rdenis@simphalempin.com>
Sat, 28 Jun 2008 11:00:57 +0000 (14:00 +0300)
committerRémi Denis-Courmont <rdenis@simphalempin.com>
Sat, 28 Jun 2008 21:58:00 +0000 (00:58 +0300)
commit3de60bf5b886ad81d7c05d68dff7a1ba461c0ac1
tree2e8362de24f58d2cab628b5d4e4139950a61ea1ftree | snapshot
parent9512f7de73883472b39a712748c33e9a51074a02commit | diff
wav: fix integer overflow (CVE-2008-2430)

When i_size is sufficiently large, we would overflow malloc(), and then
overwrite the heap with stream_Read().

Bug reported by: Alin Rad Pop, Secunia Research.

(cherry-picked from commit 95e2f0ff579a5b987cbde9454aa1fc86080528e2)
modules/demux/wav.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.