winemp3: A fix for security alert CVE-2006-1655.

e9aaea04 · Aric Stewart · Alexandre Julliard · b7a852b1 · e9aaea04
Commit e9aaea04 authored Aug 07, 2009 by Aric Stewart Committed by Alexandre Julliard Aug 10, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

layer3.c dlls/winemp3.acm/layer3.c +6 -3

No files found.
--- a/dlls/winemp3.acm/layer3.c
+++ b/dlls/winemp3.acm/layer3.c
@@ -1061,8 +1061,9 @@ maybe still wrong??? (copy 12 to 13?) */
 * and mode = mixed_mode
 */
           int sfb = gr_info->maxbandl;
-           int idx = bi->longIdx[sfb];
-
+           int idx;
+           if(sfb > 21) return; /* similarity fix related to CVE-2006-1655 */
+           idx = bi->longIdx[sfb];
           for ( ; sfb<8; sfb++ )
           {
             int sb = bi->longDiff[sfb];
@@ -1085,7 +1086,9 @@ maybe still wrong??? (copy 12 to 13?) */
      else /* ((gr_info->block_type != 2)) */
      {
        int sfb = gr_info->maxbandl;
-        int is_p,idx = bi->longIdx[sfb];
+        int is_p,idx;
+        if (sfb > 21)  return; /* tightened fix for CVE-2006-1655 */
+        idx  = bi->longIdx[sfb];
        for ( ; sfb<21; sfb++)
        {
          int sb = bi->longDiff[sfb];