diff options
Diffstat (limited to 'app-arch/gzip/files')
-rw-r--r-- | app-arch/gzip/files/digest-gzip-1.3.5-r8 | 1 | ||||
-rw-r--r-- | app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch | 22 |
2 files changed, 23 insertions, 0 deletions
diff --git a/app-arch/gzip/files/digest-gzip-1.3.5-r8 b/app-arch/gzip/files/digest-gzip-1.3.5-r8 new file mode 100644 index 000000000000..07db7e681363 --- /dev/null +++ b/app-arch/gzip/files/digest-gzip-1.3.5-r8 @@ -0,0 +1 @@ +MD5 3d6c191dfd2bf307014b421c12dc8469 gzip-1.3.5.tar.gz 331550 diff --git a/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch b/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch new file mode 100644 index 000000000000..2558634de1d9 --- /dev/null +++ b/app-arch/gzip/files/gzip-1.3.5-huft-build-return-fix.patch @@ -0,0 +1,22 @@ +The huft_build() function should return 2 if the input is invalid (such +as all zero length codes) and 0 if the input is valid. The zero length +code check incorrectly returns 0 however causing gzip to segv on some +invalid input cases. + +Discovered & fixed by Tavis Ormandy. + +http://bugs.gentoo.org/94584 + +--- inflate.c ++++ inflate.c +@@ -336,9 +336,9 @@ int huft_build(b, n, s, d, e, t, m) + if (c[0] == n) /* null input--all zero length codes */ + { + *t = (struct huft *)NULL; + *m = 0; +- return 0; ++ return 2; + } + + + /* Find minimum and maximum length, bound *m by those */ |