vorbis-tools/vorbis-tools-1.4.0-CVE-2023-43361.patch
Lukáš Zaoral df80a243b3
fix out-of-bounds read in oggenc (CVE-2023-43361)
Resolves: RHEL-11778
2024-01-18 17:38:48 +01:00

diff --git a/oggenc/platform.c b/oggenc/platform.c
index 6d9f4ef..c63304b 100644
--- a/oggenc/platform.c
+++ b/oggenc/platform.c
@@ -147,7 +147,7 @@ int create_directories(char *fn, int isutf8)
start = start+2;
#endif
- while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
+ while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
{
int rv;
memcpy(segment, fn, end-fn);
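Review bot: The new loop condition on the `while` line in create_directories() needs a short comment, because the reason for `strspn(start, PATH_SEPS)` is not evident from the code. The old `start+1` began the search one byte past the terminator when `start` pointed at an empty string. `strspn` returns 0 in that case and otherwise skips only leading separators, so the search never begins beyond the NUL. A line such as `/* skip leading separators; never step past the NUL */` above the loop would record that. The new expression also skips a whole run of leading separators instead of exactly one character, which is a small behaviour change worth stating in the commit message. The context line `memcpy(segment, fn, end-fn);` depends on how `segment` is sized, which this hunk does not show, so that should be checked alongside the fix.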