okseby/Quake-III-Arena
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update libvorbis from 1.3.5 to 1.3.6

Browse source 
* Fix CVE-2018-5146 - out-of-bounds write on codebook decoding.
* Fix CVE-2017-14632 - free() on unitialized data
* Fix CVE-2017-14633 - out-of-bounds read
This commit is contained in:
Zack Middleton 2018-03-16 12:30:08 -05:00
parent ebd3d516ac
commit b78c6e61bf
67 changed files with 46 additions and 125 deletions
Download patch file Download diff file Expand all files Collapse all files

3
code/libvorbis-1.3.5/lib/synthesis.c
View file

@ -11,7 +11,6 @@
********************************************************************
function: single-block PCM synthesis
last mod: $Id: synthesis.c 19441 2015-01-21 01:17:41Z xiphmont $
********************************************************************/
@ -117,7 +116,7 @@ int vorbis_synthesis_trackonly(vorbis_block *vb,ogg_packet *op){
if(!ci->mode_param[mode]){
return(OV_EBADPACKET);
}
vb->W=ci->mode_param[mode]->blockflag;
if(vb->W){
vb->lW=oggpack_read(opb,1);