forked from pool/bzip2
Kristyna Streitova
3713b730d5
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after free vulnerability that was reported in bzip2recover [bsc#985657] [CVE-2016-3189] OBS-URL: https://build.opensuse.org/request/show/695733 OBS-URL: https://build.opensuse.org/package/show/Archiving/bzip2?expand=0&rev=74
16 lines
559 B
Diff
16 lines
559 B
Diff
Author: Jakub Martisko <jamartis@redhat.com>
|
|
Date: Wed, 30 Mar 2016 10:22:27 +0200
|
|
Description: bzip2recover: Fix potential use-after-free
|
|
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
|
|
|
|
--- a/bzip2recover.c
|
|
+++ b/bzip2recover.c
|
|
@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
|
|
bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
|
|
bsPutUInt32 ( bsWr, blockCRC );
|
|
bsClose ( bsWr );
|
|
+ outFile = NULL;
|
|
}
|
|
if (wrBlock >= rbCtr) break;
|
|
wrBlock++;
|