19 lines
778 B
Diff
19 lines
778 B
Diff
diff -up snack2.2.10/generic/jkSoundFile.c.CVE20126303 snack2.2.10/generic/jkSoundFile.c
|
|
--- snack2.2.10/generic/jkSoundFile.c.CVE20126303 2013-01-02 11:26:15.496231056 -0500
|
|
+++ snack2.2.10/generic/jkSoundFile.c 2013-01-02 11:27:26.134250662 -0500
|
|
@@ -1798,7 +1798,14 @@ static int
|
|
GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf,
|
|
int len)
|
|
{
|
|
- int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
|
|
+ int rlen;
|
|
+
|
|
+ if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
|
|
+ Tcl_AppendResult(interp, "Excessive header size", NULL);
|
|
+ return TCL_ERROR;
|
|
+ }
|
|
+
|
|
+ rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
|
|
|
|
if (rlen < len - s->firstNRead){
|
|
Tcl_AppendResult(interp, "Failed reading header bytes", NULL);
|