commit | 5a365996d739bdf4711af51d9c2c71c8a5e14660 | |
---|---|---|
author | Erik de Castro Lopo <erikd@mega-nerd.com> | Thu Nov 27 11:55:11 2014 +1100 |
committer | Erik de Castro Lopo <erikd@mega-nerd.com> | Thu Nov 27 13:40:37 2014 +1100 |
tree | ac3b63dd49f4add337e16e9e5536512d74805cf2 | |
parent | 71b5c028708349e1d698498c54b842a5741dae0f | |

src/libFLAC/stream_decoder.c : Fail safely to avoid a heap overflow.

This fix is closely related to the fix for CVE-2014-9028. When that fix went public Miroslav Lichvar noticed a similar potential problem spot in the same function and was able to craft a file to trigger a heap write overflow.

Reported-by : Miroslav Lichvar <mlichvar@redhat.com>