3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
18 lines
885 B
Diff
18 lines
885 B
Diff
Index: contrib/bzip2/decompress.c
|
|
===================================================================
|
|
--- contrib/bzip2/decompress.c (revision 212452)
|
|
+++ contrib/bzip2/decompress.c (working copy)
|
|
@@ -381,6 +381,13 @@
|
|
es = -1;
|
|
N = 1;
|
|
do {
|
|
+ /* Check that N doesn't get too big, so that es doesn't
|
|
+ go negative. The maximum value that can be
|
|
+ RUNA/RUNB encoded is equal to the block size (post
|
|
+ the initial RLE), viz, 900k, so bounding N at 2
|
|
+ million should guard against overflow without
|
|
+ rejecting any legitimate inputs. */
|
|
+ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
|
|
if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
|
|
if (nextSym == BZ_RUNB) es = es + (1+1) * N;
|
|
N = N * 2;
|