Google Git
Sign in
fuchsia / third_party / bzip2 / 7ed62bfb46e87a9e878712603469440e6882b184
commit7ed62bfb46e87a9e878712603469440e6882b184[log] [tgz]
authorAlbert Astals Cid <aacid@kde.org>Tue May 28 19:35:18 2019 +0200
committerMark Wielaard <mark@klomp.org>Mon Jun 24 15:34:05 2019 +0200
tree2ab31d696610797b6913cce701a71e70eb19a6a7
parent16f2c753f9959e8d7c7e1fa771b8ccc5821427aa [diff]
Make sure nSelectors is not out of range

nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
which is
	UChar    selectorMtf[BZ_MAX_SELECTORS];
so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
access

Fixes out of bounds access discovered while fuzzying karchive

This was reported as CVE-2019-12900
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds write when there are many selectors.
1 file changed
tree: 2ab31d696610797b6913cce701a71e70eb19a6a7
  1. blocksort.c
  2. bz-common.xsl
  3. bz-fo.xsl
  4. bz-html.xsl
  5. bzdiff
  6. bzdiff.1
  7. bzgrep
  8. bzgrep.1
  9. bzip.css
  10. bzip2.1
  11. bzip2.1.preformatted
  12. bzip2.c
  13. bzip2.txt
  14. bzip2recover.c
  15. bzlib.c
  16. bzlib.h
  17. bzlib_private.h
  18. bzmore
  19. bzmore.1
  20. CHANGES
  21. compress.c
  22. crctable.c
  23. decompress.c
  24. dlltest.c
  25. dlltest.dsp
  26. entities.xml
  27. format.pl
  28. huffman.c
  29. libbz2.def
  30. libbz2.dsp
  31. LICENSE
  32. Makefile
  33. Makefile-libbz2_so
  34. makefile.msc
  35. manual.xml
  36. mk251.c
  37. randtable.c
  38. README
  39. README.COMPILATION.PROBLEMS
  40. README.XML.STUFF
  41. release-update.sh
  42. sample1.bz2
  43. sample1.ref
  44. sample2.bz2
  45. sample2.ref
  46. sample3.bz2
  47. sample3.ref
  48. spewG.c
  49. unzcrash.c
  50. words0
  51. words1
  52. words2
  53. words3
  54. xmlproc.sh