mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-26 15:44:20 +00:00
4fd6cb7abd
The vulnerability seems quite serious. It isn't practical to use fetchpatch here due to bootstrapping, so I just committed the small patch file.
14 lines
542 B
Diff
14 lines
542 B
Diff
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d
|
|
diff --git a/decompress.c b/decompress.c
|
|
--- a/decompress.c
|
|
+++ b/decompress.c
|
|
@@ -287,7 +287,7 @@
|
|
GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
|
|
if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
|
|
GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
|
|
- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
|
|
+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
|
|
for (i = 0; i < nSelectors; i++) {
|
|
j = 0;
|
|
while (True) {
|