summaryrefslogtreecommitdiffstats
path: root/abs/core-testing/unzip/unzip-5.5.2-CVE-2008-0888.patch
diff options
context:
space:
mode:
Diffstat (limited to 'abs/core-testing/unzip/unzip-5.5.2-CVE-2008-0888.patch')
-rw-r--r--abs/core-testing/unzip/unzip-5.5.2-CVE-2008-0888.patch50
1 files changed, 50 insertions, 0 deletions
diff --git a/abs/core-testing/unzip/unzip-5.5.2-CVE-2008-0888.patch b/abs/core-testing/unzip/unzip-5.5.2-CVE-2008-0888.patch
new file mode 100644
index 0000000..f29a75b
--- /dev/null
+++ b/abs/core-testing/unzip/unzip-5.5.2-CVE-2008-0888.patch
@@ -0,0 +1,50 @@
+--- inflate.c 2005-02-27 06:08:46.000000000 +0000
++++ inflate.c 2006-07-19 21:45:33.543595000 +0100
+@@ -983,6 +983,7 @@
+ unsigned l; /* last length */
+ unsigned m; /* mask for bit lengths table */
+ unsigned n; /* number of lengths to get */
++ struct huft *tlp;
+ struct huft *tl; /* literal/length code table */
+ struct huft *td; /* distance code table */
+ unsigned bl; /* lookup bits for tl */
+@@ -996,6 +997,8 @@
+ int retval = 0; /* error code returned: initialized to "no error" */
+
+
++ td = tlp = tl = (struct huft *)NULL;
++
+ /* make local bit buffer */
+ Trace((stderr, "\ndynamic block"));
+ b = G.bb;
+@@ -1047,9 +1050,9 @@
+ while (i < n)
+ {
+ NEEDBITS(bl)
+- j = (td = tl + ((unsigned)b & m))->b;
++ j = (tlp = tl + ((unsigned)b & m))->b;
+ DUMPBITS(j)
+- j = td->v.n;
++ j = tlp->v.n;
+ if (j < 16) /* length of code in bits (0..15) */
+ ll[i++] = l = j; /* save last length in l */
+ else if (j == 16) /* repeat last length 3 to 6 times */
+@@ -1141,6 +1144,7 @@
+ huft_free(td);
+ }
+ huft_free(tl);
++
+ return retval;
+ }
+
+@@ -1149,8 +1153,8 @@
+
+ cleanup_and_exit:
+ /* free the decoding tables, return */
+- huft_free(tl);
+- huft_free(td);
++ if (tl) huft_free(tl);
++ if (td) huft_free(td);
+ return retval;
+ }
+