gzip/gzip-1.3.12-cve_2006_4336.patch

diff -ru gzip-1.3.12/unpack.c gzip-1.3.12-fix/unpack.c
--- gzip-1.3.12/unpack.c	2006-11-20 09:40:34.000000000 +0100
+++ gzip-1.3.12-fix/unpack.c	2007-04-18 22:06:50.000000000 +0200
@@ -150,7 +150,7 @@
 	/* Remember where the literals of this length start in literal[] : */
 	lit_base[len] = base;
 	/* And read the literals: */
-	for (n = leaves[len]; n > 0; n--) {
+	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
 	    literal[base++] = (uch)get_byte();
 	}
     }
@@ -186,7 +186,7 @@
     prefixp = &prefix_len[1<<peek_bits];
     for (len = 1; len <= peek_bits; len++) {
 	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
-	while (prefixes--) *--prefixp = (uch)len;
+	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
     }
     /* The length of all other codes is unknown: */
     while (prefixp > prefix_len) *--prefixp = 0;
automatic version update by autodist [release 1.6-1mamba;Mon Jun 10 2013] 2024-01-05 23:37:10 +01:00			`diff -ru gzip-1.3.12/unpack.c gzip-1.3.12-fix/unpack.c`
			`--- gzip-1.3.12/unpack.c 2006-11-20 09:40:34.000000000 +0100`
			`+++ gzip-1.3.12-fix/unpack.c 2007-04-18 22:06:50.000000000 +0200`
			`@@ -150,7 +150,7 @@`
			`/* Remember where the literals of this length start in literal[] : */`
			`lit_base[len] = base;`
			`/* And read the literals: */`
			`- for (n = leaves[len]; n > 0; n--) {`
			`+ for (n = leaves[len]; n > 0 && base < LITERALS; n--) {`
			`literal[base++] = (uch)get_byte();`
			`}`
			`}`
			`@@ -186,7 +186,7 @@`
			`prefixp = &prefix_len[1<<peek_bits];`
			`for (len = 1; len <= peek_bits; len++) {`
			`int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */`
			`- while (prefixes--) *--prefixp = (uch)len;`
			`+ while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;`
			`}`
			`/* The length of all other codes is unknown: */`
			`while (prefixp > prefix_len) *--prefixp = 0;`