diff options
Diffstat (limited to 'system/arj/patches/security-afl.patch')
-rw-r--r-- | system/arj/patches/security-afl.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/system/arj/patches/security-afl.patch b/system/arj/patches/security-afl.patch new file mode 100644 index 0000000000000..ed2bf57717863 --- /dev/null +++ b/system/arj/patches/security-afl.patch @@ -0,0 +1,35 @@ +Description: Fix buffer overflow causing an invalid pointer free(). +Author: Guillem Jover <guillem@debian.org> +Origin: vendor +Bug-Debian: https://bugs.debian.org/774015 +Forwarded: no +Last-Update: 2015-02-26 + +--- + decode.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/decode.c ++++ b/decode.c +@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i + if(i==i_special) + { + c=getbits(2); +- while(--c>=0) ++ while(--c>=0&&i<nn) + pt_len[i++]=0; + } + } +@@ -314,10 +314,10 @@ void read_c_len() + c=getbits(CBIT); + c+=20; + } +- while(--c>=0) ++ while(--c>=0&&i<NC) + c_len[i++]=0; + } +- else ++ else if (i<NC) + c_len[i++]=(unsigned char)(c-2); + } + while(i<NC) |