diff options
Diffstat (limited to 'debian/patches/CVE-2016-9840.diff')
-rw-r--r-- | debian/patches/CVE-2016-9840.diff | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/debian/patches/CVE-2016-9840.diff b/debian/patches/CVE-2016-9840.diff deleted file mode 100644 index c29fba0..0000000 --- a/debian/patches/CVE-2016-9840.diff +++ /dev/null @@ -1,69 +0,0 @@ -commit 6a043145ca6e9c55184013841a67b2fef87e44c0 -Author: Mark Adler <madler@alumni.caltech.edu> -Date: Wed Sep 21 23:35:50 2016 -0700 - - Remove offset pointer optimization in inftrees.c. - - inftrees.c was subtracting an offset from a pointer to an array, - in order to provide a pointer that allowed indexing starting at - the offset. This is not compliant with the C standard, for which - the behavior of a pointer decremented before its allocated memory - is undefined. Per the recommendation of a security audit of the - zlib code by Trail of Bits and TrustInSoft, in support of the - Mozilla Foundation, this tiny optimization was removed, in order - to avoid the possibility of undefined behavior. - -diff --git a/inftrees.c b/inftrees.c -index 22fcd66..0d2670d 100644 ---- a/src/zlib/inftrees.c -+++ b/src/zlib/inftrees.c -@@ -54,7 +54,7 @@ unsigned short FAR *work; - code FAR *next; /* next available space in table */ - const unsigned short FAR *base; /* base value table to use */ - const unsigned short FAR *extra; /* extra bits table to use */ -- int end; /* use base and extra for symbol > end */ -+ unsigned match; /* use base and extra for symbol >= match */ - unsigned short count[MAXBITS+1]; /* number of codes of each length */ - unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ - static const unsigned short lbase[31] = { /* Length codes 257..285 base */ -@@ -181,19 +181,17 @@ unsigned short FAR *work; - switch (type) { - case CODES: - base = extra = work; /* dummy value--not used */ -- end = 19; -+ match = 20; - break; - case LENS: - base = lbase; -- base -= 257; - extra = lext; -- extra -= 257; -- end = 256; -+ match = 257; - break; - default: /* DISTS */ - base = dbase; - extra = dext; -- end = -1; -+ match = 0; - } - - /* initialize state for loop */ -@@ -216,13 +214,13 @@ unsigned short FAR *work; - for (;;) { - /* create table entry */ - here.bits = (unsigned char)(len - drop); -- if ((int)(work[sym]) < end) { -+ if (work[sym] + 1 < match) { - here.op = (unsigned char)0; - here.val = work[sym]; - } -- else if ((int)(work[sym]) > end) { -- here.op = (unsigned char)(extra[work[sym]]); -- here.val = base[work[sym]]; -+ else if (work[sym] >= match) { -+ here.op = (unsigned char)(extra[work[sym] - match]); -+ here.val = base[work[sym] - match]; - } - else { - here.op = (unsigned char)(32 + 64); /* end of block */ |