Package: snack / 2.2.10.20090623-dfsg-10

CVE-2012-6303.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 
--- a/generic/jkSoundFile.c
+++ b/generic/jkSoundFile.c
@@ -1796,7 +1796,14 @@
 GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf, 
 	       int len)
 {
-  int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+  int rlen;
+
+  if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
+    Tcl_AppendResult(interp, "Excessive header size", NULL);
+    return TCL_ERROR;
+  }
+
+  rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
 
   if (rlen < len - s->firstNRead){
     Tcl_AppendResult(interp, "Failed reading header bytes", NULL);