winemp3: A fix for security alert CVE-2006-1655.

2009-08-07 11:48:27 -05:00 · 2009-08-07 11:48:27 -05:00 · e9aaea044b
parent b7a852b1df
commit e9aaea044b
1 changed files with 6 additions and 3 deletions
--- a/dlls/winemp3.acm/layer3.c
+++ b/dlls/winemp3.acm/layer3.c
@ -1061,8 +1061,9 @@ maybe still wrong??? (copy 12 to 13?) */
 * and mode = mixed_mode
 */
           int sfb = gr_info->maxbandl;
-           int idx = bi->longIdx[sfb];
-
+           int idx;
+           if(sfb > 21) return; /* similarity fix related to CVE-2006-1655 */
+           idx = bi->longIdx[sfb];
           for ( ; sfb<8; sfb++ )
           {
             int sb = bi->longDiff[sfb];
@ -1085,7 +1086,9 @@ maybe still wrong??? (copy 12 to 13?) */
      else /* ((gr_info->block_type != 2)) */
      {
        int sfb = gr_info->maxbandl;
-        int is_p,idx = bi->longIdx[sfb];
+        int is_p,idx;
+        if (sfb > 21)  return; /* tightened fix for CVE-2006-1655 */
+        idx  = bi->longIdx[sfb];
        for ( ; sfb<21; sfb++)
        {
          int sb = bi->longDiff[sfb];