/[smeserver]/rpms/clamav/sme9/zlib-1.2.7-fix-serious-but-very-rare-decompression-bug-in-inftr.patch
ViewVC logotype

Annotation of /rpms/clamav/sme9/zlib-1.2.7-fix-serious-but-very-rare-decompression-bug-in-inftr.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Tue Nov 13 04:52:25 2018 UTC (5 years, 11 months ago) by jpp
Branch: MAIN
CVS Tags: clamav-0_100_2-4_el6_sme, clamav-0_100_2-3_el6_sme, clamav-0_100_2-6_el6_sme, clamav-0_100_2-5_el6_sme, HEAD
Changes since 1.1: +46 -501 lines
zlib patch

1 jpp 1.2 From 51370f365607fe14a6a7a1a27b3bd29d788f5e5b Mon Sep 17 00:00:00 2001
2     From: Mark Adler <madler@alumni.caltech.edu>
3     Date: Mon, 18 Feb 2013 21:06:35 -0800
4     Subject: [PATCH] Fix serious but very rare decompression bug in inftrees.c.
5    
6     inftrees.c compared the number of used table entries to the maximum
7     allowed value using >= instead of >. This patch fixes those to use
8     >. The bug was discovered by Ignat Kolesnichenko of Yandex LC
9     where they have run petabytes of data through zlib. Triggering the
10     bug is apparently very rare, seeing as how it has been out there in
11     the wild for almost three years before being discovered. The bug
12     is instantiated only if the exact maximum number of decoding table
13     entries, ENOUGH_DISTS or ENOUGH_LENS is used by the block being
14     decoded, resulting in the false positive of overflowing the table.
15     ---
16     inftrees.c | 8 ++++----
17     1 file changed, 4 insertions(+), 4 deletions(-)
18    
19     diff --git a/inftrees.c b/inftrees.c
20     index 873da59..3781399 100644
21     --- a/inftrees.c
22     +++ b/inftrees.c
23     @@ -208,8 +208,8 @@ unsigned short FAR *work;
24     mask = used - 1; /* mask for comparing low */
25    
26     /* check available table space */
27     - if ((type == LENS && used >= ENOUGH_LENS) ||
28     - (type == DISTS && used >= ENOUGH_DISTS))
29     + if ((type == LENS && used > ENOUGH_LENS) ||
30     + (type == DISTS && used > ENOUGH_DISTS))
31     return 1;
32    
33     /* process all codes and make table entries */
34     @@ -277,8 +277,8 @@ unsigned short FAR *work;
35    
36     /* check for enough space */
37     used += 1U << curr;
38     - if ((type == LENS && used >= ENOUGH_LENS) ||
39     - (type == DISTS && used >= ENOUGH_DISTS))
40     + if ((type == LENS && used > ENOUGH_LENS) ||
41     + (type == DISTS && used > ENOUGH_DISTS))
42     return 1;
43    
44     /* point entry in root table to sub-table */
45     --
46     1.9.3
47 jpp 1.1

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed