gzip/gzip-1.3.12-cve_2006_4335.patch

18 lines
677 B
Diff

diff -pur gzip-1.3.12/unlzh.c gzip-1.3.12-fix/unlzh.c
--- gzip-1.3.12/unlzh.c 2007-04-18 23:14:42.000000000 +0200
+++ gzip-1.3.12-fix/unlzh.c 2007-04-18 23:17:34.000000000 +0200
@@ -145,8 +145,11 @@ local void make_table(nchar, bitlen, tab
unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
for (i = 1; i <= 16; i++) count[i] = 0;
- for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
-
+ for (i = 0; i < (unsigned)nchar; i++) {
+ if (bitlen[i] > 16)
+ gzip_error("Bad table (case a)\n");
+ else count[bitlen[i]]++;
+ }
start[1] = 0;
for (i = 1; i <= 16; i++)
start[i + 1] = start[i] + (count[i] << (16 - i));