#! /bin/sh /usr/share/dpatch/dpatch-run
## CVE-2007-3507.dpatch by Dan Johnson
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Stack overflow in comment parsing
@DPATCH@
diff -u -r flac123-0.0.9/vorbiscomment.c flac123-0.0.10/vorbiscomment.c
--- flac123-0.0.9/vorbiscomment.c 2005-02-24 23:17:25.000000000 -0600
+++ flac123-0.0.10/vorbiscomment.c 2007-06-26 19:10:51.000000000 -0500
@@ -44,7 +44,10 @@
 if(0 == eq || !dest)
 return;
 else {
- const unsigned value_length = entry->length - (unsigned)((++eq) - entry->entry);
+ unsigned value_length = entry->length - (unsigned)((++eq) - entry->entry);
+ if(value_length > len) { // prevent buffer overflow
+ value_length = len;
+ }
 memset(dest, ' ', len);
 memcpy(dest, eq, value_length);
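Review bot: The added clamp `if(value_length > len)` is only as strong as `len`, whose declaration is outside the hunk. If `len` is a signed type, the comparison is done in unsigned arithmetic and a negative value would leave `value_length` unclamped. If `len` is the full size of `dest`, the field has no NUL terminator after the `memcpy`. The truncation is also silent, so an over-long tag value is cut without the caller knowing. I would state the contract next to the check, e.g. `/* dest is a fixed-width field of exactly len bytes: space-padded, truncated, not NUL-terminated */`, and confirm that every caller passes the real size of its buffer. The enclosing function starts and ends outside the hunk.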