BZ2_bzclose fails to perform a NULL pointer check before actually using the passed BZFILE * argument. The NULL check *is* performed but only after the argument is used for the first time, resulting in a potential NULL pointer dereference.

Reproducible: Always

Steps to Reproduce:
1. Call BZ2_bzclose with a NULL argument, resulting in a NULL pointer dereference.

Actual Results: SIGSEGV issued

Expected Results: BZ2_bzclose should have just returned without doing anything.

Bug also reported to upstream bzip2 authors / maintainers.
Created attachment 46625: Patch to bzip2 to fix the issue.

Attached patch modifies BZ2_bzclose to check its argument before first using it, not afterwards.
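The ordering problem the report and patch describe, as an added example that is neither bzip2's source nor the attached patch: a simplified stand-in for the private bzFile struct (constructed here, with only the fields needed), the pre-fix order that reads the handle before the argument is checked, and the patched order that checks first.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-in for bzip2's private bzFile struct, constructed for
 * this example (the real struct also carries a bz_stream and I/O buffers). */
typedef struct {
    FILE *handle;   /* underlying stdio stream */
    int   writing;  /* non-zero when opened for writing */
} bzFile_t;
typedef void BZFILE;  /* opaque handle type, as in bzlib.h */

/* Pre-fix ordering as described in the report: the handle is read through b
 * BEFORE b is checked, so a NULL argument faults on the very first line and
 * the check that follows can never run. Calling this with NULL crashes. */
int bzclose_before_fix(BZFILE *b)
{
    FILE *fp = ((bzFile_t *)b)->handle;     /* NULL dereference if b == NULL */
    if (b == NULL) return 0;                /* too late to help */
    if (fp != stdin && fp != stdout) fclose(fp);
    return 1;
}

/* Patched ordering: validate the argument first, then touch it. Returns 0
 * when there was nothing to close, 1 when a handle was closed. */
int bzclose_after_fix(BZFILE *b)
{
    if (b == NULL) return 0;                /* just return, as expected */
    FILE *fp = ((bzFile_t *)b)->handle;
    if (fp != stdin && fp != stdout) fclose(fp);
    return 1;
}

/* Exercise the fixed version on a real temporary stream. */
int close_tmpfile_via_fixed(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    bzFile_t f = { fp, 1 };
    return bzclose_after_fix(&f);           /* 1, and fp is closed */
}

int main(void)
{
    printf("NULL -> %d\n", bzclose_after_fix(NULL));      /* 0, no crash */
    printf("tmpfile -> %d\n", close_tmpfile_via_fixed()); /* 1 */
    return 0;
}
```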
I noticed this while coding some zlib/bzip2 apps of mine but figured it was a feature? :) Did you make this patch yourself? If so, have you sent it upstream?
Definitely a bug, not a feature. Yes and yes.
The report email seems to only have been accepted by Mr. Seward's mail server (jseward [at] acm.org). The zlib compatibility layer author seems to have dropped off the map - both QWF00133 [at] niftyserve.or.jp and tsuneo-y [at] is.aist-nara.ac.jp bounce.
Awesome ... if you haven't heard back from them in a few days I'll gladly merge this fix :)
No reaction from Mr. Seward yet - I think you can merge this thing. It's a very simple and trivial patch anyway (I stumbled over it by accident while studying the sources).
Added to 1.0.2-r4. Please keep us updated if you get word back from upstream :)