[Datatype-cvs] qcelp/fileformat qcpplin.cpp,1.2.8.3,1.2.8.3.2.1
ehayashi at helixcommunity.org
Update of /cvsroot/datatype/qcelp/fileformat
In directory cvs01.internal.helixcommunity.org:/tmp/cvs-serv20027
Modified Files:
Tag: realplayer14
qcpplin.cpp
Log Message:
Bug 400315 - Security: ZDI-CAN-1153
Fixes out of bounds memory access. Allocate opaque data buffer large enough for chunk data.
Index: qcpplin.cpp
===================================================================
RCS file: /cvsroot/datatype/qcelp/fileformat/qcpplin.cpp,v
retrieving revision 1.2.8.3
retrieving revision 1.2.8.3.2.1
diff -u -d -r1.2.8.3 -r1.2.8.3.2.1
--- qcpplin.cpp 25 Sep 2010 01:18:20 -0000 1.2.8.3
+++ qcpplin.cpp 8 Apr 2011 00:26:23 -0000 1.2.8.3.2.1
@@ -539,7 +539,12 @@
totalsize = uiDCLen + 24;
HX_VECTOR_DELETE(m_pOpaqueData);
- m_pOpaqueData = new UCHAR[256];
+ m_pOpaqueData = new UCHAR[totalsize];
+ if (m_pOpaqueData == NULL)
+ {
+ m_state = AS_Ready;
+ return HXR_OUTOFMEMORY;
+ }
pOrigPos = m_pOpaqueData;
*m_pOpaqueData++ = 0x03; // ES_Descriptor Tag
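Review bot: In `m_pOpaqueData = new UCHAR[totalsize];` the size comes from `totalsize = uiDCLen + 24;`, and nothing visible in this hunk bounds `uiDCLen` or checks the addition for overflow. If `uiDCLen` is taken from the file, a value near the maximum of its type can wrap the sum and produce a buffer smaller than the chunk data, which brings back the out-of-bounds write this change is meant to fix. A large but valid value also lets a crafted file force a very large allocation. Suggest validating `uiDCLen` against the remaining chunk size and a sane maximum before this point, and failing the parse otherwise. Separately, the `m_pOpaqueData == NULL` branch only runs if `new` returns NULL on failure in this build; with a standard throwing `new` it is dead code, so either use `new (std::nothrow)` or confirm the build's allocator behavior. On that early return `m_pOpaqueData` is left NULL, so later users of the member need to tolerate that.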