diff options
author | Mike Frysinger <vapier@gentoo.org> | 2005-07-02 13:44:07 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2005-07-02 13:44:07 +0000 |
commit | 028468160c74c8e99ef09f16e32dc5b73b34eef8 (patch) | |
tree | b0498f38cf7a7cbe1a4e241d04aa08669db7faed /app-arch/gzip/files | |
parent | Stable on alpha. (diff) | |
download | gentoo-2-028468160c74c8e99ef09f16e32dc5b73b34eef8.tar.gz gentoo-2-028468160c74c8e99ef09f16e32dc5b73b34eef8.tar.bz2 gentoo-2-028468160c74c8e99ef09f16e32dc5b73b34eef8.zip |
Fix crash on bad input #94584 by Tavis Ormandy.
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'app-arch/gzip/files')
-rw-r--r-- | app-arch/gzip/files/digest-gzip-1.3.5-r8 | 1 | ||||
-rw-r--r-- | app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch | 22 |
2 files changed, 23 insertions, 0 deletions
diff --git a/app-arch/gzip/files/digest-gzip-1.3.5-r8 b/app-arch/gzip/files/digest-gzip-1.3.5-r8 new file mode 100644 index 000000000000..07db7e681363 --- /dev/null +++ b/app-arch/gzip/files/digest-gzip-1.3.5-r8 @@ -0,0 +1 @@ +MD5 3d6c191dfd2bf307014b421c12dc8469 gzip-1.3.5.tar.gz 331550 diff --git a/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch b/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch new file mode 100644 index 000000000000..2558634de1d9 --- /dev/null +++ b/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch @@ -0,0 +1,22 @@ +The huft_build() function should return 2 if the input is invalid (such +as all zero length codes) and 0 if the input is valid. The zero length +code check incorrectly returns 0 however causing gzip to segv on some +invalid input cases. + +Discovered & fixed by Tavis Ormandy. + +http://bugs.gentoo.org/94584 + +--- inflate.c ++++ inflate.c +@@ -336,9 +336,9 @@ int huft_build(b, n, s, d, e, t, m) + if (c[0] == n) /* null input--all zero length codes */ + { + *t = (struct huft *)NULL; + *m = 0; +- return 0; ++ return 2; + } + + + /* Find minimum and maximum length, bound *m by those */ |