Aric Stewart : winemp3: A fix for security alert CVE-2006-1655.
Alexandre Julliard
julliard at winehq.org
Mon Aug 10 10:35:35 CDT 2009
Module: wine
Branch: master
Commit: e9aaea044be5f23c5d7f8a706a9e22e39b032f8d
URL: http://source.winehq.org/git/wine.git/?a=commit;h=e9aaea044be5f23c5d7f8a706a9e22e39b032f8d
Author: Aric Stewart <aric at codeweavers.com>
Date: Fri Aug 7 11:48:27 2009 -0500
winemp3: A fix for security alert CVE-2006-1655.
---
dlls/winemp3.acm/layer3.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/dlls/winemp3.acm/layer3.c b/dlls/winemp3.acm/layer3.c
index c655dcd..17f5a7a 100644
--- a/dlls/winemp3.acm/layer3.c
+++ b/dlls/winemp3.acm/layer3.c
@@ -1061,8 +1061,9 @@ maybe still wrong??? (copy 12 to 13?) */
* and mode = mixed_mode
*/
int sfb = gr_info->maxbandl;
- int idx = bi->longIdx[sfb];
-
+ int idx;
+ if(sfb > 21) return; /* similarity fix related to CVE-2006-1655 */
+ idx = bi->longIdx[sfb];
for ( ; sfb<8; sfb++ )
{
int sb = bi->longDiff[sfb];
@@ -1085,7 +1086,9 @@ maybe still wrong??? (copy 12 to 13?) */
else /* ((gr_info->block_type != 2)) */
{
int sfb = gr_info->maxbandl;
- int is_p,idx = bi->longIdx[sfb];
+ int is_p,idx;
+ if (sfb > 21) return; /* tightened fix for CVE-2006-1655 */
+ idx = bi->longIdx[sfb];
for ( ; sfb<21; sfb++)
{
int sb = bi->longDiff[sfb];
More information about the wine-cvs
mailing list