author | B. Watson <yalhcru@gmail.com> | 2015-04-07 19:58:35 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2015-04-07 19:58:35 +0700 |
commit | 51604f30957277f0f1cdecd4fcc2d8e1040a5859 (patch) | |
tree | fd53149b90a1950415cd0daedf13915aa38ecbef /system/arj/patches/security-afl.patch | |
parent | f62f19ede487f36a8a3604f3ad843ee241b9284d (diff) | |
download | slackbuilds-51604f30957277f0f1cdecd4fcc2d8e1040a5859.tar.gz |
system/arj: Security fixes.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system/arj/patches/security-afl.patch')
-rw-r--r-- | system/arj/patches/security-afl.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/system/arj/patches/security-afl.patch b/system/arj/patches/security-afl.patch
new file mode 100644
index 0000000000..ed2bf57717
--- /dev/null
+++ b/system/arj/patches/security-afl.patch
@@ -0,0 +1,35 @@
+Description: Fix buffer overflow causing an invalid pointer free().
+Author: Guillem Jover <guillem@debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774015
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ decode.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/decode.c
++++ b/decode.c
+@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
+ if(i==i_special)
+ {
+ c=getbits(2);
+- while(--c>=0)
++ while(--c>=0&&i<nn)
+ pt_len[i++]=0;
+ }
+ }
+@@ -314,10 +314,10 @@ void read_c_len()
+ c=getbits(CBIT);
+ c+=20;
+ }
+- while(--c>=0)
++ while(--c>=0&&i<NC)
+ c_len[i++]=0;
+ }
+- else
++ else if (i<NC)
+ c_len[i++]=(unsigned char)(c-2);
+ }
+ while(i<NC) |
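Review bot: In the second decode.c hunk (read_c_len), once `i` reaches `NC` neither guarded branch advances it any more: `while(--c>=0&&i<NC)` exits immediately and `else if (i<NC)` is skipped, so the out-of-bounds write is prevented but the iteration makes no progress. The enclosing loop starts outside the hunk, so its condition is not visible here; if it runs until `i` reaches a count taken from the archive, a count above `NC` would presumably keep it spinning on malformed input instead of failing. Consider leaving the loop explicitly, e.g. `if(i>=NC) break;` after the two branches, or rejecting an oversized count before the loop starts. The same question applies to read_pt_len, where only the zero-fill after `if(i==i_special)` is bounded by `nn` and any earlier `pt_len[i++]` store lies outside the hunk.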