PKGBUILDs/extra/p7zip/CVE-2017-17969.patch
2018-06-09 21:38:19 +00:00

26 lines
822 B
Diff

From 79bca880ce7bcf07216c45f93afea545e0344418 Mon Sep 17 00:00:00 2001
From: aone <aone@keka.io>
Date: Mon, 5 Feb 2018 13:01:09 +0100
Subject: [PATCH] Security fix CVE-2017-17969
---
CPP/7zip/Compress/ShrinkDecoder.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
index 80b7e67..5bb0559 100644
--- a/CPP/7zip/Compress/ShrinkDecoder.cpp
+++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
{
_stack[i++] = _suffixes[cur];
cur = _parents[cur];
+ if (cur >= kNumItems || i >= kNumItems)
+ break;
}
+
+ if (cur >= kNumItems || i >= kNumItems)
+ break;
_stack[i++] = (Byte)cur;
lastChar2 = (Byte)cur;