summaryrefslogtreecommitdiff
path: root/archivers/brotli/files/patch-CVE-2016-1624
diff options
context:
space:
mode:
authorJan Beich <jbeich@FreeBSD.org>2016-03-08 21:15:16 +0000
committerJan Beich <jbeich@FreeBSD.org>2016-03-08 21:15:16 +0000
commitba1bc3584806c201674ea4728e377d9646f8024a (patch)
tree6dbd59070fb0e9b3a50935f6fc16cf800566fcfc /archivers/brotli/files/patch-CVE-2016-1624
parentUpdate to 1.8 (diff)
archivers/brotli, devel/libbrotli: fix buffer overflow
Obtained from: upstream Security: 1bcfd963-e483-41b8-ab8e-bad5c3ce49c9 MFH: 2016Q1
Notes
Notes: svn path=/head/; revision=410664
Diffstat (limited to '')
-rw-r--r--archivers/brotli/files/patch-CVE-2016-162424
1 files changed, 24 insertions, 0 deletions
diff --git a/archivers/brotli/files/patch-CVE-2016-1624 b/archivers/brotli/files/patch-CVE-2016-1624
new file mode 100644
index 000000000000..781d1283e144
--- /dev/null
+++ b/archivers/brotli/files/patch-CVE-2016-1624
@@ -0,0 +1,24 @@
+From 37a320dd81db8d546cd24a45b4c61d87b45dcade Mon Sep 17 00:00:00 2001
+From: eustas <eustas.ru@gmail.com>
+Date: Thu, 4 Feb 2016 15:35:44 +0100
+Subject: [PATCH] Fix possible pointer underflow
+
+---
+ dec/decode.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dec/decode.c b/dec/decode.c
+index 920959c..892a254 100644
+--- dec/decode.c
++++ dec/decode.c
+@@ -1714,6 +1714,10 @@ static BROTLI_INLINE BrotliResult ProcessCommandsInternal(int safe,
+ } else {
+ const uint8_t *ringbuffer_end_minus_copy_length =
+ s->ringbuffer_end - i;
++ /* Check for possible underflow and clamp the pointer to 0. */
++ if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
++ ringbuffer_end_minus_copy_length = 0;
++ }
+ uint8_t* copy_src = &s->ringbuffer[
+ (pos - s->distance_code) & s->ringbuffer_mask];
+ uint8_t* copy_dst = &s->ringbuffer[pos];
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-18 21:30:54 +0000