arj/repos/community-x86_64/CVE-2015-2782-buffer-overflow.patch

   1 Description: Fix buffer overflow causing an invalid pointer free().
   2 Author: Guillem Jover <guillem@debian.org>
   3 Origin: vendor
   4 Bug-Debian: https://bugs.debian.org/774015
   5 Forwarded: no
   6 Last-Update: 2015-02-26
   7
   8 ---
   9  decode.c |    6 +++---
  10  1 file changed, 3 insertions(+), 3 deletions(-)
  11
  12 --- a/decode.c
  13 +++ b/decode.c
  14 @@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
  15     if(i==i_special)
  16     {
  17      c=getbits(2);
  18 -    while(--c>=0)
  19 +    while(--c>=0&&i<nn)
  20       pt_len[i++]=0;
  21     }
  22    }
  23 @@ -314,10 +314,10 @@ void read_c_len()
  24       c=getbits(CBIT);
  25       c+=20;
  26      }
  27 -    while(--c>=0)
  28 +    while(--c>=0&&i<NC)
  29       c_len[i++]=0;
  30     }
  31 -   else
  32 +   else if (i<NC)
  33      c_len[i++]=(unsigned char)(c-2);
  34    }
  35    while(i<NC)