Dirk Mueller
5a9ad107ea
- security update - added patches CVE-2025-48172 [bsc#1245803], integer overflow in _chm_decompress_block of chm_lib.c can lead to heap buffer overflow + chmlib-CVE-2025-48172.patch OBS-URL: https://build.opensuse.org/request/show/1291013 OBS-URL: https://build.opensuse.org/package/show/X11:common:Factory/chmlib?expand=0&rev=17
25 lines
619 B
Diff
25 lines
619 B
Diff
Index: chmlib-0.40/src/chm_lib.c
|
|
===================================================================
|
|
--- chmlib-0.40.orig/src/chm_lib.c
|
|
+++ chmlib-0.40/src/chm_lib.c
|
|
@@ -86,6 +86,7 @@
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <fcntl.h>
|
|
+#include <limits.h>
|
|
/* #include <dmalloc.h> */
|
|
#endif
|
|
|
|
@@ -570,6 +571,11 @@ static int _unmarshal_lzxc_reset_table(u
|
|
if (dest->version != 2)
|
|
return 0;
|
|
|
|
+ if (dest->uncompressed_len > INT_MAX || dest->compressed_len > INT_MAX)
|
|
+ return 0;
|
|
+ if (dest->block_len == 0 || dest->block_len > INT_MAX)
|
|
+ return 0;
|
|
+
|
|
return 1;
|
|
}
|
|
|