diff options
Diffstat (limited to 'media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch')
-rw-r--r-- | media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch | 26 |
1 files changed, 0 insertions, 26 deletions
diff --git a/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch b/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch deleted file mode 100644 index d59522d6d1d0..000000000000 --- a/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch +++ /dev/null @@ -1,26 +0,0 @@ -This patch is from upstream: -https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34 - -commit fd607a3439fcdd0992e5efded3c16fc79c804e34 -Author: Christopher O'Neill <code@chrisoneill.co.uk> -Date: Tue Jul 30 19:11:58 2019 +0100 - - Fix #184: Heap overflow in S3M loader - -diff --git a/src/milkyplay/LoaderS3M.cpp b/src/milkyplay/LoaderS3M.cpp -index 5abf211..edf0fd5 100644 ---- a/src/milkyplay/LoaderS3M.cpp -+++ b/src/milkyplay/LoaderS3M.cpp -@@ -340,7 +340,11 @@ mp_sint32 LoaderS3M::load(XMFileBase& f, XModule* module) - return MP_OUT_OF_MEMORY; - - header->insnum = f.readWord(); // number of instruments -- header->patnum = f.readWord(); // number of patterns -+ if (header->insnum > MP_MAXINS) -+ return MP_LOADER_FAILED; -+ header->patnum = f.readWord(); // number of patterns -+ if (header->patnum > 256) -+ return MP_LOADER_FAILED; - - mp_sint32 flags = f.readWord(); // st3 flags - |