wok-next diff arj/stuff/patches/CVE-2015-2782-buffer-overflow.patch @ rev 19715
Fix building: pciutils, pcmanfm-legacy, arj
author | Aleksej Bobylev <al.bobylev@gmail.com> |
---|---|
date | Sat May 13 17:25:31 2017 +0300 (2017-05-13) |
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/arj/stuff/patches/CVE-2015-2782-buffer-overflow.patch Sat May 13 17:25:31 2017 +0300
1.3 @@ -0,0 +1,35 @@
1.4 +Description: Fix buffer overflow causing an invalid pointer free().
1.5 +Author: Guillem Jover <guillem@debian.org>
1.6 +Origin: vendor
1.7 +Bug-Debian: https://bugs.debian.org/774015
1.8 +Forwarded: no
1.9 +Last-Update: 2015-02-26
1.10 +
1.11 +---
1.12 + decode.c | 6 +++---
1.13 + 1 file changed, 3 insertions(+), 3 deletions(-)
1.14 +
1.15 +--- a/decode.c
1.16 ++++ b/decode.c
1.17 +@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
1.18 + if(i==i_special)
1.19 + {
1.20 + c=getbits(2);
1.21 +- while(--c>=0)
1.22 ++ while(--c>=0&&i<nn)
1.23 + pt_len[i++]=0;
1.24 + }
1.25 + }
1.26 +@@ -314,10 +314,10 @@ void read_c_len()
1.27 + c=getbits(CBIT);
1.28 + c+=20;
1.29 + }
1.30 +- while(--c>=0)
1.31 ++ while(--c>=0&&i<NC)
1.32 + c_len[i++]=0;
1.33 + }
1.34 +- else
1.35 ++ else if (i<NC)
1.36 + c_len[i++]=(unsigned char)(c-2);
1.37 + }
1.38 + while(i<NC)
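Review bot: The new `i<nn` and `i<NC` guards clamp silently: once the index reaches the bound the stores to `pt_len[]` and `c_len[]` are skipped, but nothing in the visible lines reports the archive as corrupt or ends decoding. In `read_c_len` the `else if (i<NC)` branch lets an iteration finish without advancing `i`, so if the enclosing loop (which starts outside the hunk) runs until `i` reaches a count taken from the archive, a count above `NC` would presumably keep it spinning; the same out-of-hunk loop in `read_pt_len` may also hold a store that these guards do not cover. It would be more robust to validate that count once, right after it is read, and treat a value above `nn`/`NC` as a malformed header. At minimum, add a comment at both loops such as `/* run length comes from the archive: never write past the table */`.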