Diffstat (limited to 'flac-cve-2020-0499.patch')
-rw-r--r--flac-cve-2020-0499.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/flac-cve-2020-0499.patch b/flac-cve-2020-0499.patch
new file mode 100644
index 0000000..712294a
--- /dev/null
+++ b/flac-cve-2020-0499.patch
@@ -0,0 +1,23 @@
+commit 2e7931c27eb15e387da440a37f12437e35b22dd4
+Author: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Mon Oct 7 12:55:58 2019 +1100
+
+ libFLAC/bitreader.c: Fix out-of-bounds read
+
+ Credit: Oss-Fuzz
+ Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
+ Testcase: fuzzer_decoder-5670265022840832
+
+diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
+index 5e4b5918..3df4d02c 100644
+--- a/src/libFLAC/bitreader.c
++++ b/src/libFLAC/bitreader.c
+@@ -869,7 +869,7 @@ incomplete_lsbs:
+ cwords = br->consumed_words;
+ words = br->words;
+ ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
+- b = br->buffer[cwords] << br->consumed_bits;
++ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
+ } while(cwords >= words && val < end);
+ }
+
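Review bot: The patch header at lines 16–24 of the new file never mentions CVE-2020-0499, so the file name is the only thing tying this backport of upstream commit 2e7931c27eb15e387da440a37f12437e35b22dd4 to the advisory, and metadata scanners or reviewers reading the patch on its own cannot match the two. Add a trailer after the Testcase line, e.g. `CVE: CVE-2020-0499`, plus a one-line note that the change bounds the `br->buffer[cwords]` read against `br->capacity` and substitutes 0 when the index is out of range. The inner hunk's context lines show a single leading space where libFLAC's bitreader.c is tab-indented; if that collapse happened in the committed file rather than in this page's rendering, `git apply`/`patch` will reject the hunk, so verify the stored file keeps the original whitespace. The function containing the `incomplete_lsbs:` label begins and ends outside the quoted hunk, so whether `cwords` can still exceed `capacity` elsewhere in that loop is not visible here.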