summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2005-07-02 13:44:07 +0000
committerMike Frysinger <vapier@gentoo.org>2005-07-02 13:44:07 +0000
commit028468160c74c8e99ef09f16e32dc5b73b34eef8 (patch)
treeb0498f38cf7a7cbe1a4e241d04aa08669db7faed /app-arch/gzip/files
parentStable on alpha. (diff)
downloadgentoo-2-028468160c74c8e99ef09f16e32dc5b73b34eef8.tar.gz
gentoo-2-028468160c74c8e99ef09f16e32dc5b73b34eef8.tar.bz2
gentoo-2-028468160c74c8e99ef09f16e32dc5b73b34eef8.zip
Fix crash on bad input #94584 by Tavis Ormandy.
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'app-arch/gzip/files')
-rw-r--r--app-arch/gzip/files/digest-gzip-1.3.5-r81
-rw-r--r--app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch22
2 files changed, 23 insertions, 0 deletions
diff --git a/app-arch/gzip/files/digest-gzip-1.3.5-r8 b/app-arch/gzip/files/digest-gzip-1.3.5-r8
new file mode 100644
index 000000000000..07db7e681363
--- /dev/null
+++ b/app-arch/gzip/files/digest-gzip-1.3.5-r8
@@ -0,0 +1 @@
+MD5 3d6c191dfd2bf307014b421c12dc8469 gzip-1.3.5.tar.gz 331550
diff --git a/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch b/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch
new file mode 100644
index 000000000000..2558634de1d9
--- /dev/null
+++ b/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch
@@ -0,0 +1,22 @@
+The huft_build() function should return 2 if the input is invalid (such
+as all zero length codes) and 0 if the input is valid. The zero length
+code check incorrectly returns 0 however causing gzip to segv on some
+invalid input cases.
+
+Discovered & fixed by Tavis Ormandy.
+
+http://bugs.gentoo.org/94584
+
+--- inflate.c
++++ inflate.c
+@@ -336,9 +336,9 @@ int huft_build(b, n, s, d, e, t, m)
+ if (c[0] == n) /* null input--all zero length codes */
+ {
+ *t = (struct huft *)NULL;
+ *m = 0;
+- return 0;
++ return 2;
+ }
+
+
+ /* Find minimum and maximum length, bound *m by those */