Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch')
-rw-r--r--media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch b/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch
new file mode 100644
index 000000000000..d59522d6d1d0
--- /dev/null
+++ b/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch
@@ -0,0 +1,26 @@
+This patch is from upstream:
+https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
+
+commit fd607a3439fcdd0992e5efded3c16fc79c804e34
+Author: Christopher O'Neill <code@chrisoneill.co.uk>
+Date: Tue Jul 30 19:11:58 2019 +0100
+
+ Fix #184: Heap overflow in S3M loader
+
+diff --git a/src/milkyplay/LoaderS3M.cpp b/src/milkyplay/LoaderS3M.cpp
+index 5abf211..edf0fd5 100644
+--- a/src/milkyplay/LoaderS3M.cpp
++++ b/src/milkyplay/LoaderS3M.cpp
+@@ -340,7 +340,11 @@ mp_sint32 LoaderS3M::load(XMFileBase& f, XModule* module)
+ return MP_OUT_OF_MEMORY;
+
+ header->insnum = f.readWord(); // number of instruments
+- header->patnum = f.readWord(); // number of patterns
++ if (header->insnum > MP_MAXINS)
++ return MP_LOADER_FAILED;
++ header->patnum = f.readWord(); // number of patterns
++ if (header->patnum > 256)
++ return MP_LOADER_FAILED;
+
+ mp_sint32 flags = f.readWord(); // st3 flags
+