Module: wine Branch: master Commit: e9aaea044be5f23c5d7f8a706a9e22e39b032f8d URL: http://source.winehq.org/git/wine.git/?a=commit;h=e9aaea044be5f23c5d7f8a706a...
Author: Aric Stewart aric@codeweavers.com Date: Fri Aug 7 11:48:27 2009 -0500
winemp3: A fix for security alert CVE-2006-1655.
---
dlls/winemp3.acm/layer3.c | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/dlls/winemp3.acm/layer3.c b/dlls/winemp3.acm/layer3.c index c655dcd..17f5a7a 100644 --- a/dlls/winemp3.acm/layer3.c +++ b/dlls/winemp3.acm/layer3.c @@ -1061,8 +1061,9 @@ maybe still wrong??? (copy 12 to 13?) */ * and mode = mixed_mode */ int sfb = gr_info->maxbandl; - int idx = bi->longIdx[sfb]; - + int idx; + if(sfb > 21) return; /* similarity fix related to CVE-2006-1655 */ + idx = bi->longIdx[sfb]; for ( ; sfb<8; sfb++ ) { int sb = bi->longDiff[sfb]; @@ -1085,7 +1086,9 @@ maybe still wrong??? (copy 12 to 13?) */ else /* ((gr_info->block_type != 2)) */ { int sfb = gr_info->maxbandl; - int is_p,idx = bi->longIdx[sfb]; + int is_p,idx; + if (sfb > 21) return; /* tightened fix for CVE-2006-1655 */ + idx = bi->longIdx[sfb]; for ( ; sfb<21; sfb++) { int sb = bi->longDiff[sfb];
-
Alexandre Julliard