Diffstat (limited to 'archivers/arj/patches/patch-decode.c')
-rw-r--r--archivers/arj/patches/patch-decode.c35
1 files changed, 33 insertions, 2 deletions
diff --git a/archivers/arj/patches/patch-decode.c b/archivers/arj/patches/patch-decode.c
index f2232a9921a..cb1455918e4 100644
--- a/archivers/arj/patches/patch-decode.c
+++ b/archivers/arj/patches/patch-decode.c
@@ -1,8 +1,10 @@
-$NetBSD: patch-decode.c,v 1.1 2015/04/12 15:54:02 tnn Exp $
+$NetBSD: patch-decode.c,v 1.2 2022/01/08 14:43:09 tnn Exp $
Fix CVE-2015-2782. Via Debian security-afl.patch.
---- decode.c.orig 2003-04-12 16:15:58.000000000 +0000
+Fix out-of-bounds read via Debian out-of-bounds-read.patch.
+
+--- decode.c.orig 2022-01-08 14:27:21.037706349 +0000
+++ decode.c
@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
if(i==i_special)
@@ -26,3 +28,32 @@ Fix CVE-2015-2782. Via Debian security-afl.patch.
c_len[i++]=(unsigned char)(c-2);
}
while(i<NC)
+@@ -416,10 +416,10 @@ static void NEAR decode_end()
+
+ void decode(int action)
+ {
+- short i;
+- short r;
+- short c;
+- static short j;
++ int i;
++ int r;
++ int c;
++ static int j;
+
+ #if SFX_LEVEL>=ARJSFXV
+ if(!setjmp(decode_proc))
+@@ -450,9 +450,12 @@ void decode(int action)
+ {
+ j=c-(UCHAR_MAX+1-THRESHOLD);
+ count-=(unsigned long)j;
+- i=r-decode_p()-1;
++ int P = decode_p();
++ i=r-P-1;
+ if(i<0)
+ i+=DICSIZ;
++ if(i<0)
++ goto termination;
+ if(r>i&&r<DICSIZ-MAXMATCH-1)
+ {
+ while(--j>=0)
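Review bot: The added `if(i<0) goto termination;` in the `@@ -450,9 +450,12 @@` part of decode() only rejects an index that is still negative after the DICSIZ wrap; nothing in the visible lines bounds `i` from above. If decode_p() can return a negative value (its return type is not shown here), `i` could reach or exceed DICSIZ before it is presumably used as an index further down, so the guard would be safer as `if(i<0||i>=DICSIZ) goto termination;`. If decode_p() cannot go negative, a short comment stating its range would document why the one-sided check is enough. Separately, `int P = decode_p();` is declared after statements, which pre-C99 compilers reject; declaring it beside `i`, `r` and `c` at the top of decode() would match the surrounding style. decode() continues past the end of the hunk, and the `termination` label is not in the visible lines.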