Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
zziplib
CVE-2018-7725.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-7725.patch of Package zziplib
Index: zziplib-0.13.67/zzip/memdisk.c =================================================================== --- zziplib-0.13.67.orig/zzip/memdisk.c +++ zziplib-0.13.67/zzip/memdisk.c @@ -210,6 +210,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI item->zz_filetype = zzip_disk_entry_get_filetype(entry); /* + * If zz_data+zz_csize exceeds the size of the file, bail out + */ + if ((item->zz_data + item->zz_csize) < disk->buffer || + (item->zz_data + item->zz_csize) >= disk->endbuf) + { + goto error; + } + /* * If the file is uncompressed, zz_csize and zz_usize should be the same * If they are not, we cannot guarantee that either is correct, so ... */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor