okseby/Quake-III-Arena
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update libvorbis from 1.3.5 to 1.3.6

Browse source 
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
This commit is contained in:
Zack Middleton 2018-03-16 12:30:08 -05:00
parent ebd3d516ac
commit b78c6e61bf
67 changed files with 46 additions and 125 deletions
Download patch file Download diff file Expand all files Collapse all files

2
code/libvorbis-1.3.5/lib/mapping0.c
View file

@ -11,7 +11,6 @@
********************************************************************
function: channel mapping 0 implementation
last mod: $Id: mapping0.c 19441 2015-01-21 01:17:41Z xiphmont $
********************************************************************/
@ -93,7 +92,6 @@ static vorbis_info_mapping *mapping0_unpack(vorbis_info *vi,oggpack_buffer *opb)
int i,b;
vorbis_info_mapping0 *info=_ogg_calloc(1,sizeof(*info));
codec_setup_info *ci=vi->codec_setup;
memset(info,0,sizeof(*info));
if(vi->channels<=0)goto err_out;
b=oggpack_read(opb,1);