emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The gentoo security guys found another way to segfault busybox's decompression

Browse Source 
code: we can do a null dereference if one of our huffman tables has all zero
length codes.  This fixes it.  (Thanks solar.)
This commit is contained in:
Rob Landley 2006-02-20 02:18:03 +00:00
parent dce17c6268
commit eb00afb2d5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
archival/libunarchive/decompress_unzip.c
View File

@ -271,7 +271,7 @@ int huft_build(unsigned int *b, const unsigned int n,
if (c[0] == n) { /* null input--all zero length codes */ if (c[0] == n) { /* null input--all zero length codes */
*t = (huft_t *) NULL; *t = (huft_t *) NULL;
*m = 0; *m = 0;
return 0; return 2;
} }
/* Find minimum and maximum length, bound *m by those */ /* Find minimum and maximum length, bound *m by those */