Module Name: src Committed By: christos Date: Tue Aug 16 03:33:37 UTC 2011
Modified Files: src/external/bsd/libarchive/dist/libarchive: archive_read_support_compression_compress.c Log Message: provisional fix for CVE-2011-2895, buffer overflow during decompress To generate a diff of this commit: cvs rdiff -u -r1.1.1.2 -r1.2 \ src/external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c
diff -u src/external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c:1.1.1.2 src/external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c:1.2
--- src/external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c:1.1.1.2 Fri Feb 19 21:48:30 2010
+++ src/external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c Mon Aug 15 23:33:37 2011
@@ -362,6 +362,7 @@ } if (code > state->free_ent) { +out: /* An invalid code is a fatal error. */ archive_set_error(&(self->archive->archive), -1, "Invalid compressed data");
@@ -376,6 +377,11 @@ /* Generate output characters in reverse order. */ while (code >= 256) { + // XXX: long -> ptrdiff_t, but don't want to bother with + // autoconf for now. + if (state->stackp - state->stack >= + (long)(sizeof(state->stack) - 1)) + goto out; *state->stackp++ = state->suffix[code]; code = state->prefix[code]; }
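Review bot: In the first hunk (`@@ -362,6 +362,7 @@`) the `out:` label is placed inside the body of `if (code > state->free_ent)`, so the `goto out` added in the second hunk jumps into the middle of a conditional block. That is valid C, but it is easy to break when the condition or its body is edited later, and the generic name hides that this is the shared "invalid data" exit. A descriptive label with a short comment, e.g. `invalid_data: /* also reached when the decode stack would overflow */`, would make the shared error path explicit. The rest of the `if` body lies outside the hunk.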
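Review bot: In the second hunk (`@@ -376,6 +377,11 @@`) the `- 1` in the new bound is not explained; the XXX comment only covers the `long` cast. The check stops the loop with one element of `state->stack` still unused, presumably to leave room for a write that follows the loop outside this hunk; that should be confirmed and stated, e.g. `/* Reject prefix chains that would overrun state->stack; one slot stays free for the byte pushed after the loop. */`. The other comments visible in this file use `/* */`, so the two `//` lines should match that style. Any other `*state->stackp++` write outside this loop is not bounded by this guard and is worth auditing before the fix stops being provisional.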