16 lines
361 B
Text
16 lines
361 B
Text
$NetBSD: patch-ah,v 1.1 2010/02/02 14:42:43 taca Exp $
|
|
|
|
Fix for CVE-2010-0001.
|
|
|
|
--- unlzw.c.orig 2006-12-11 18:54:39.000000000 +0000
|
|
+++ unlzw.c
|
|
@@ -248,7 +248,8 @@ int unlzw(in, out)
|
|
int o;
|
|
|
|
resetbuf:
|
|
- e = insize-(o = (posbits>>3));
|
|
+ o = posbits >> 3;
|
|
+ e = o <= insize ? insize - o : 0;
|
|
|
|
for (i = 0 ; i < e ; ++i) {
|
|
inbuf[i] = inbuf[i+o];
|