gzip/gzip-CVE-2010-0001.diff

* unlzw.c (unlzw): Avoid integer overflow.
Aki Helin reported the segfault along with an input to trigger the bug.
Index: gzip-1.3.13/unlzw.c
===================================================================
--- gzip-1.3.13.orig/unlzw.c
+++ gzip-1.3.13/unlzw.c
@@ -244,7 +244,8 @@ int unlzw(in, out)
 	int  o;
 
     resetbuf:
-	e = insize-(o = (posbits>>3));
+        o = posbits >> 3;
+        e = o <= insize ? insize - o : 0;
 
 	for (i = 0 ; i < e ; ++i) {
 	    inbuf[i] = inbuf[i+o];
Accepting request 30400 from Base:System Copy from Base:System/gzip based on submit request 30400 from user mseben OBS-URL: https://build.opensuse.org/request/show/30400 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gzip?expand=0&rev=13 2010-01-29 14:00:15 +00:00			`* unlzw.c (unlzw): Avoid integer overflow.`
			`Aki Helin reported the segfault along with an input to trigger the bug.`
			`Index: gzip-1.3.13/unlzw.c`
			`===================================================================`
			`--- gzip-1.3.13.orig/unlzw.c`
			`+++ gzip-1.3.13/unlzw.c`
			`@@ -244,7 +244,8 @@ int unlzw(in, out)`
			`int o;`

			`resetbuf:`
			`- e = insize-(o = (posbits>>3));`
			`+ o = posbits >> 3;`
			`+ e = o <= insize ? insize - o : 0;`

			`for (i = 0 ; i < e ; ++i) {`
			`inbuf[i] = inbuf[i+o];`