vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Wed Aug 7 17:36:37 2019 +0200| [4d262af8da7d479cbf57461e01ccd19281579633] | committer: Hugo Beauzée-Luyssen
asf: Fix out of bound read p_data is already offset by 64 bytes, so we need to propagate that offset to the boundary check CVE-2019-14776 (cherry picked from commit fdbdd677c1e6262f31771b0ba10afb24aabf108c) Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=4d262af8da7d479cbf57461e01ccd19281579633 --- modules/demux/asf/asf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/demux/asf/asf.c b/modules/demux/asf/asf.c index 22e60194d3..a05ebe825b 100644 --- a/modules/demux/asf/asf.c +++ b/modules/demux/asf/asf.c @@ -1102,7 +1102,7 @@ static int DemuxInit( demux_t *p_demux ) { GET_CHECKED( fmt.i_extra, __MIN( GetWLE( &p_data[16] ), p_sp->i_type_specific_data_length - - sizeof( WAVEFORMATEX ) ), + sizeof( WAVEFORMATEX ) - 64), INT_MAX, uint32_t ); fmt.p_extra = malloc( fmt.i_extra ); if ( fmt.p_extra ) _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
