From 16d24d778d4c96158658c12b66c1d99020b77154 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20=27Flameeyes=27=20Petten=C3=B2?= Date: Sat, 10 Mar 2007 00:41:34 +0000 Subject: * Security fixes: - Fix heap overflow in DMO loader. (CVE-2007-1246) [bug #1676925] Thanks to Kees Cook for reporting. CVS patchset: 8656 CVS date: 2007/03/10 00:41:34 --- src/libw32dll/DirectShow/DS_VideoDecoder.c | 1 + src/libw32dll/dmo/DMO_VideoDecoder.c | 1 + 2 files changed, 2 insertions(+) (limited to 'src') diff --git a/src/libw32dll/DirectShow/DS_VideoDecoder.c b/src/libw32dll/DirectShow/DS_VideoDecoder.c index e34659f91..44c6d26d7 100644 --- a/src/libw32dll/DirectShow/DS_VideoDecoder.c +++ b/src/libw32dll/DirectShow/DS_VideoDecoder.c @@ -110,6 +110,7 @@ DS_VideoDecoder * DS_VideoDecoder_Open(char* dllname, GUID* guid, BITMAPINFOHEAD this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs); memcpy(this->iv.m_bh, format, bihs); + this->iv.m_bh->biSize = bihs; this->iv.m_State = STOP; //this->iv.m_pFrame = 0; diff --git a/src/libw32dll/dmo/DMO_VideoDecoder.c b/src/libw32dll/dmo/DMO_VideoDecoder.c index 564c26ec8..3ad85645a 100644 --- a/src/libw32dll/dmo/DMO_VideoDecoder.c +++ b/src/libw32dll/dmo/DMO_VideoDecoder.c @@ -118,6 +118,7 @@ DMO_VideoDecoder * DMO_VideoDecoder_Open(char* dllname, GUID* guid, BITMAPINFOHE this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs); memcpy(this->iv.m_bh, format, bihs); + this->iv.m_bh->biSize = bihs; this->iv.m_State = STOP; //this->iv.m_pFrame = 0; -- cgit v1.2.3