wok-next diff arj/stuff/patches/CVE-2015-2782-buffer-overflow.patch @ rev 21226
updated chocolate-doom (1.4.0 -> 3.0.0)
| author | Hans-G?nter Theisgen |
|---|---|
| date | Tue Dec 03 16:21:36 2019 +0100 (2019-12-03) |
| parents | |
| children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/arj/stuff/patches/CVE-2015-2782-buffer-overflow.patch Tue Dec 03 16:21:36 2019 +0100 1.3 @@ -0,0 +1,35 @@ 1.4 +Description: Fix buffer overflow causing an invalid pointer free(). 1.5 +Author: Guillem Jover <guillem@debian.org> 1.6 +Origin: vendor 1.7 +Bug-Debian: https://bugs.debian.org/774015 1.8 +Forwarded: no 1.9 +Last-Update: 2015-02-26 1.10 + 1.11 +--- 1.12 + decode.c | 6 +++--- 1.13 + 1 file changed, 3 insertions(+), 3 deletions(-) 1.14 + 1.15 +--- a/decode.c 1.16 ++++ b/decode.c 1.17 +@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i 1.18 + if(i==i_special) 1.19 + { 1.20 + c=getbits(2); 1.21 +- while(--c>=0) 1.22 ++ while(--c>=0&&i<nn) 1.23 + pt_len[i++]=0; 1.24 + } 1.25 + } 1.26 +@@ -314,10 +314,10 @@ void read_c_len() 1.27 + c=getbits(CBIT); 1.28 + c+=20; 1.29 + } 1.30 +- while(--c>=0) 1.31 ++ while(--c>=0&&i<NC) 1.32 + c_len[i++]=0; 1.33 + } 1.34 +- else 1.35 ++ else if (i<NC) 1.36 + c_len[i++]=(unsigned char)(c-2); 1.37 + } 1.38 + while(i<NC)