wok-next annotate arj/stuff/patches/CVE-2015-2782-buffer-overflow.patch @ rev 19715
Fix building: pciutils, pcmanfm-legacy, arj
| author | Aleksej Bobylev <al.bobylev@gmail.com> |
|---|---|
| date | Sat May 13 17:25:31 2017 +0300 (2017-05-13) |
| parents | |
| children |
| rev | line source |
|---|---|
| al@19715 | 1 Description: Fix buffer overflow causing an invalid pointer free(). |
| al@19715 | 2 Author: Guillem Jover <guillem@debian.org> |
| al@19715 | 3 Origin: vendor |
| al@19715 | 4 Bug-Debian: https://bugs.debian.org/774015 |
| al@19715 | 5 Forwarded: no |
| al@19715 | 6 Last-Update: 2015-02-26 |
| al@19715 | 7 |
| al@19715 | 8 --- |
| al@19715 | 9 decode.c | 6 +++--- |
| al@19715 | 10 1 file changed, 3 insertions(+), 3 deletions(-) |
| al@19715 | 11 |
| al@19715 | 12 --- a/decode.c |
| al@19715 | 13 +++ b/decode.c |
| al@19715 | 14 @@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i |
| al@19715 | 15 if(i==i_special) |
| al@19715 | 16 { |
| al@19715 | 17 c=getbits(2); |
| al@19715 | 18 - while(--c>=0) |
| al@19715 | 19 + while(--c>=0&&i<nn) |
| al@19715 | 20 pt_len[i++]=0; |
| al@19715 | 21 } |
| al@19715 | 22 } |
| al@19715 | 23 @@ -314,10 +314,10 @@ void read_c_len() |
| al@19715 | 24 c=getbits(CBIT); |
| al@19715 | 25 c+=20; |
| al@19715 | 26 } |
| al@19715 | 27 - while(--c>=0) |
| al@19715 | 28 + while(--c>=0&&i<NC) |
| al@19715 | 29 c_len[i++]=0; |
| al@19715 | 30 } |
| al@19715 | 31 - else |
| al@19715 | 32 + else if (i<NC) |
| al@19715 | 33 c_len[i++]=(unsigned char)(c-2); |
| al@19715 | 34 } |
| al@19715 | 35 while(i<NC) |