summaryrefslogtreecommitdiffhomepage
path: root/archival/libarchive
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2018-05-25 17:03:46 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2018-05-25 17:03:46 +0200
commita36986bb80289c1cd8d15a557e49207c9a42946b (patch)
tree15f40fd0cbd8906b29f14d1871db263445058cdf /archival/libarchive
parent8f48fc01e9e43d16bf5860fa37252b43c76cb395 (diff)
unlzma: close another SEGV possibility
function old new delta unpack_lzma_stream 2669 2686 +17 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'archival/libarchive')
-rw-r--r--archival/libarchive/decompress_unlzma.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index 446319e7b..6886239d0 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -350,8 +350,12 @@ unpack_lzma_stream(transformer_state_t *xstate)
state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
pos = buffer_pos - rep0;
- if ((int32_t)pos < 0)
+ if ((int32_t)pos < 0) {
pos += header.dict_size;
+ /* see unzip_bad_lzma_2.zip: */
+ if (pos >= buffer_size)
+ goto bad;
+ }
previous_byte = buffer[pos];
goto one_byte1;
#else