| |
@@ -0,0 +1,28 @@
|
| |
+ From d5597d7b6ebc1bbe07158d704b3b62acb11a5783 Mon Sep 17 00:00:00 2001
|
| |
+ From: Kevin Backhouse <kevinbackhouse@github.com>
|
| |
+ Date: Wed, 27 Sep 2023 20:22:43 +0100
|
| |
+ Subject: [PATCH] Check that the array index isn't negative. This fixes
|
| |
+ CVE-2023-43641.
|
| |
+
|
| |
+ Signed-off-by: Kevin Backhouse <kevinbackhouse@github.com>
|
| |
+ (cherry picked from commit fdf72c8bded8d24cfa0608b8e97f2eed210a920e)
|
| |
+ ---
|
| |
+ cd.c | 2 +-
|
| |
+ 1 file changed, 1 insertion(+), 1 deletion(-)
|
| |
+
|
| |
+ diff --git a/cd.c b/cd.c
|
| |
+ index cf77a18..4bbea19 100644
|
| |
+ --- a/cd.c
|
| |
+ +++ b/cd.c
|
| |
+ @@ -339,7 +339,7 @@ track_get_rem(const Track* track)
|
| |
+
|
| |
+ void track_set_index(Track *track, int i, long ind)
|
| |
+ {
|
| |
+ - if (i > MAXINDEX) {
|
| |
+ + if (i < 0 || i > MAXINDEX) {
|
| |
+ fprintf(stderr, "too many indexes\n");
|
| |
+ return;
|
| |
+ }
|
| |
+ --
|
| |
+ 2.41.0
|
| |
+
|
| |