16 lines
370 B
Text
16 lines
370 B
Text
Fixes for CVE-2017-8372, CVE-2017-8373, CVE-2017-8374.
|
|
From Debian 0.15.1b-10, debian/patches/length-check.patch
|
|
|
|
Index: bit.c
|
|
--- bit.c.orig
|
|
+++ bit.c
|
|
@@ -138,6 +138,9 @@ unsigned long mad_bit_read(struct mad_bitptr *bitptr,
|
|
{
|
|
register unsigned long value;
|
|
|
|
+ if (len == 0)
|
|
+ return 0;
|
|
+
|
|
if (bitptr->left == CHAR_BIT)
|
|
bitptr->cache = *bitptr->byte;
|
|
|