Overview

File dumb-0.9.3-CVE-2006-3668.patch of Package dumb

--- src/it/itread.c
+++ src/it/itread.c
@@ -292,6 +292,11 @@
 
 	envelope->flags = dumbfile_getc(f);
 	envelope->n_nodes = dumbfile_getc(f);
+	if(envelope->n_nodes > 25) {
+		TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);
+		envelope->n_nodes = 0;
+		return -1;
+	}
 	envelope->loop_start = dumbfile_getc(f);
 	envelope->loop_end = dumbfile_getc(f);
 	envelope->sus_loop_start = dumbfile_getc(f);
openSUSE Build Service is sponsored by
Places