Fix for an integer overflow bug that could cause a segfault on certain

pathological archives.

(Unlikely to have security implications, the only way to trigger it basically
wound up doing memset(dbuf,x,2^31) and triggering an immediate segfault.  The
test basically gives us a more polite error message.)

Thanks to Ned Ludd and the Gentoo security guys for finding this.
This commit is contained in:
Rob Landley 2006-02-17 05:19:40 +00:00
parent 2c98c40ec8
commit efae294b15

View File

@ -413,7 +413,7 @@ got_huff_bits:
context). Thus space is saved. */
t += (runPos << nextSym); /* +runPos if RUNA; +2*runPos if RUNB */
runPos <<= 1;
if(runPos < dbufSize) runPos <<= 1;
goto end_of_huffman_loop;
}