989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
18 lines
885 B
Diff
18 lines
885 B
Diff
Index: contrib/bzip2/decompress.c
|
|
===================================================================
|
|
--- contrib/bzip2/decompress.c (revision 212452)
|
|
+++ contrib/bzip2/decompress.c (working copy)
|
|
@@ -381,6 +381,13 @@
|
|
es = -1;
|
|
N = 1;
|
|
do {
|
|
+ /* Check that N doesn't get too big, so that es doesn't
|
|
+ go negative. The maximum value that can be
|
|
+ RUNA/RUNB encoded is equal to the block size (post
|
|
+ the initial RLE), viz, 900k, so bounding N at 2
|
|
+ million should guard against overflow without
|
|
+ rejecting any legitimate inputs. */
|
|
+ if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
|
|
if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
|
|
if (nextSym == BZ_RUNB) es = es + (1+1) * N;
|
|
N = N * 2;
|