"origPtr" is used as an offset into the bd->dbuf[] array. That array
is allocated in start_bunzip() and has "bd->dbufSize" number of elements
so the test here should be >= instead of >.
Later we check "origPtr" again before using it as an offset so I don't
know if this bug can be triggered in real life.