Overview

File libsoup-CVE-2025-32909.patch of Package libsoup.38916

diff -urp libsoup-2.74.3.orig/libsoup/soup-content-sniffer.c libsoup-2.74.3/libsoup/soup-content-sniffer.c
--- libsoup-2.74.3.orig/libsoup/soup-content-sniffer.c	2025-05-27 13:32:31.235362963 -0500
+++ libsoup-2.74.3/libsoup/soup-content-sniffer.c	2025-05-27 19:19:50.297235824 -0500
@@ -227,9 +227,14 @@ sniff_mp4 (SoupContentSniffer *sniffer,
 {
 	const char *resource = (const char *)buffer->data;
 	guint resource_length = MIN (512, buffer->length);
-	guint32 box_size = *((guint32*)resource);
+	guint32 box_size;
 	guint i;
 
+        if (resource_length < sizeof (guint32))
+                return FALSE;
+
+	box_size = *((guint32*)resource);
+
 #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
 	box_size = ((box_size >> 24) |
 		    ((box_size << 8) & 0x00FF0000) |
openSUSE Build Service is sponsored by
Places