Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 146488 Details for
Bug 213820
app-arch/bzip2 <1.0.5 CERT-FI: 20469 Buffer overread (CVE-2008-1372)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
bzip2-CERT-FI-20469.patch
bzip2-CERT-FI-20469.patch (text/plain), 1.72 KB, created by
Robert Buchholz (RETIRED)
on 2008-03-18 14:16:44 UTC
(
hide
)
Description:
bzip2-CERT-FI-20469.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-03-18 14:16:44 UTC
Size:
1.72 KB
patch
obsolete
>--- bzip2-1.0.4/bzlib.c 2007-01-03 03:00:55.000000000 +0100 >+++ bzip2-1.0.5/bzlib.c 2007-12-09 14:57:21.000000000 +0100 >@@ -598,6 +598,7 @@ > UInt32 c_tPos = s->tPos; > char* cs_next_out = s->strm->next_out; > unsigned int cs_avail_out = s->strm->avail_out; >+ Int32 ro_blockSize100k = s->blockSize100k; > /* end restore */ > > UInt32 avail_out_INIT = cs_avail_out; >--- bzip2-1.0.4/bzlib_private.h 2007-01-03 03:00:55.000000000 +0100 >+++ bzip2-1.0.5/bzlib_private.h 2007-12-09 15:00:46.000000000 +0100 >@@ -442,11 +442,15 @@ > /*-- Macros for decompression. --*/ > > #define BZ_GET_FAST(cccc) \ >+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \ >+ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \ > s->tPos = s->tt[s->tPos]; \ > cccc = (UChar)(s->tPos & 0xff); \ > s->tPos >>= 8; > > #define BZ_GET_FAST_C(cccc) \ >+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \ >+ if (c_tPos >= (UInt32)100000 * (UInt32)ro_blockSize100k) return True; \ > c_tPos = c_tt[c_tPos]; \ > cccc = (UChar)(c_tPos & 0xff); \ > c_tPos >>= 8; >@@ -469,8 +473,10 @@ > (((UInt32)s->ll16[i]) | (GET_LL4(i) << 16)) > > #define BZ_GET_SMALL(cccc) \ >- cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \ >- s->tPos = GET_LL(s->tPos); >+ /* c_tPos is unsigned, hence test < 0 is pointless. */ \ >+ if (s->tPos >= (UInt32)100000 * (UInt32)s->blockSize100k) return True; \ >+ cccc = BZ2_indexIntoF ( s->tPos, s->cftab ); \ >+ s->tPos = GET_LL(s->tPos); > > > /*-- externs for decompression. --*/
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=146488">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 213820
: 146488
