Diffstat (limited to 'archivers/arj/patches/patch-decode.c')
-rw-r--r-- | archivers/arj/patches/patch-decode.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/archivers/arj/patches/patch-decode.c b/archivers/arj/patches/patch-decode.c
index f2232a9921a..cb1455918e4 100644
--- a/archivers/arj/patches/patch-decode.c
+++ b/archivers/arj/patches/patch-decode.c
@@ -1,8 +1,10 @@
-$NetBSD: patch-decode.c,v 1.1 2015/04/12 15:54:02 tnn Exp $
+$NetBSD: patch-decode.c,v 1.2 2022/01/08 14:43:09 tnn Exp $
 Fix CVE-2015-2782. Via Debian security-afl.patch.
---- decode.c.orig 2003-04-12 16:15:58.000000000 +0000
+Fix out-of-bounds read via Debian out-of-bounds-read.patch.
+
+--- decode.c.orig 2022-01-08 14:27:21.037706349 +0000
 +++ decode.c
 @@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
 if(i==i_special)
@@ -26,3 +28,32 @@ Fix CVE-2015-2782. Via Debian security-afl.patch.
 c_len[i++]=(unsigned char)(c-2);
 }
 while(i<NC)
+@@ -416,10 +416,10 @@ static void NEAR decode_end()
+ 
+ void decode(int action)
+ {
+- short i;
+- short r;
+- short c;
+- static short j;
++ int i;
++ int r;
++ int c;
++ static int j;
+ 
+ #if SFX_LEVEL>=ARJSFXV
+ if(!setjmp(decode_proc))
+@@ -450,9 +450,12 @@ void decode(int action)
+ {
+ j=c-(UCHAR_MAX+1-THRESHOLD);
+ count-=(unsigned long)j;
+- i=r-decode_p()-1;
++ int P = decode_p();
++ i=r-P-1;
+ if(i<0)
+ i+=DICSIZ;
++ if(i<0)
++ goto termination;
+ if(r>i&&r<DICSIZ-MAXMATCH-1)
+ {
+ while(--j>=0) |
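Review bot: The guard added in the second `decode()` hunk only rejects an offset that is still negative after `i+=DICSIZ`; nothing bounds `i` from above. If `decode_p()` can ever return a negative value (its definition is not in this patch, so that needs checking), `i=r-P-1` could land at or past `DICSIZ` now that `i` is a full `int` rather than a wrapping `short`. Checking both ends, `if(i<0||i>=DICSIZ) goto termination;`, would reject an out-of-range index in either direction before it is used. The mid-block declaration `int P = decode_p();` also requires C99 in a function that otherwise declares its locals at the top; declaring `P` beside `i`, `r` and `c` in the first hunk would keep the style consistent. The `termination` label and the rest of `decode()` lie outside the hunk.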