Fix for an integer overflow bug that could cause a segfault on certain
pathological archives. (Unlikely to have security implications; the only way to trigger it basically wound up doing memset(dbuf,x,2^31) and triggering an immediate segfault. The test basically gives us a more polite error message.) Thanks to Ned Ludd and the Gentoo security guys for finding this.
parent 2c98c40ec8
commit efae294b15
@ -413,7 +413,7 @@ got_huff_bits:
|
||||
context). Thus space is saved. */
|
||||
|
||||
t += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
|
||||
runPos <<= 1;
|
||||
if(runPos < dbufSize) runPos <<= 1;
|
||||
goto end_of_huffman_loop;
|
||||
}
|
||||
|
||||
|
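Review bot: the guard `if(runPos < dbufSize) runPos <<= 1;` bounds runPos only, while the accumulation `t += (runPos << nextSym);` on the line above it is still unconditional, so nothing in this hunk bounds t itself. Once runPos stops doubling (at a value of at least dbufSize), every further RUNA/RUNB symbol still adds at least dbufSize to t, and a long enough sequence of them could wrap t if it is a signed int (its declaration is not visible here). I'd suggest rejecting the stream as soon as t exceeds dbufSize, or at least confirming that the check where the run is flushed into dbuf cannot itself overflow when t is this large. A one-line comment on the guard saying that it exists to stop the shift from overflowing on malformed input would also help, since the existing comment only describes the RUNA/RUNB arithmetic.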