[gcab] Fix buffer overrun when generating Huffman codes



commit 4bc4be192c788c27bd4677a0513deb7c0b7d5083
Author: Richard Hughes <richard hughsie com>
Date:   Wed Mar 1 17:15:10 2017 +0000

    Fix buffer overrun when generating Huffman codes
    
    https://bugzilla.gnome.org/show_bug.cgi?id=779462

 libgcab/decomp.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)
---
diff --git a/libgcab/decomp.c b/libgcab/decomp.c
index 52445e8..3ee8f9b 100644
--- a/libgcab/decomp.c
+++ b/libgcab/decomp.c
@@ -190,7 +190,9 @@ struct Ziphuft **t, cab_LONG *m, fdi_decomp_state *decomp_state)
           xp = ZIP(c) + k;
           while (++j < z)       /* try smaller tables up to z bits */
           {
-            if ((f <<= 1) <= *++xp)
+            if (*++xp > ZIPBMAX)
+              return 2;         /* corrupt */
+            if ((f <<= 1) <= *xp)
               break;            /* enough codes to use up j bits */
             f -= *xp;           /* else deduct codes from patterns */
           }
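Review bot: The new guard `if (*++xp > ZIPBMAX)` tests the value read through `xp` only after the pointer has been advanced and dereferenced, so it limits the stored count rather than how far `xp` can walk from `ZIP(c) + k`. If the overrun being fixed is a read past the end of the `ZIP(c)` array (its size is not visible in this hunk), that read still happens before the check, and a count larger than ZIPBMAX is presumably not in itself a sign of corrupt data. Bounding the position would address the read directly, e.g. `if (++xp > ZIP(c) + ZIPBMAX) return 2; /* ran past the last count */` followed by `if ((f <<= 1) <= *xp)`, assuming the array has ZIPBMAX + 1 entries. The enclosing function starts and ends outside the hunk, so the bounds on `k` and `z` should be confirmed there.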

