commit | 7ed62bfb46e87a9e878712603469440e6882b184 | |
---|---|---|
author | Albert Astals Cid <aacid@kde.org> | Tue May 28 19:35:18 2019 +0200 |
committer | Mark Wielaard <mark@klomp.org> | Mon Jun 24 15:34:05 2019 +0200 |
tree | 2ab31d696610797b6913cce701a71e70eb19a6a7 | |
parent | 16f2c753f9959e8d7c7e1fa771b8ccc5821427aa | |
Make sure nSelectors is not out of range

nSelectors is used in a loop from 0 to nSelectors to access selectorMtf, which is

    UChar selectorMtf[BZ_MAX_SELECTORS];

so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory access.

Fixes out of bounds access discovered while fuzzing karchive.

This was reported as CVE-2019-12900: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
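
The class of check the commit message describes, as an added example that is not part of the commit or of bzip2's code: a count read from untrusted input is validated against the array capacity before it is used as a loop bound. Assumptions: the `toy_state` struct, `load_selectors`, the two-byte count format, the values given for `BZ_MAX_SELECTORS` and the 15-bit count mask, and the choice to reject a zero count are all constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed values for this example (not shown on the page). */
#define BZ_MAX_SELECTORS 18002      /* capacity of selectorMtf[] */
#define COUNT_MASK       0x7fff     /* 15-bit count: up to 32767 */

enum { SEL_OK = 0, SEL_DATA_ERROR = -1 };

typedef struct {                    /* hypothetical decoder state */
    unsigned char selectorMtf[BZ_MAX_SELECTORS];
    int nSelectors;
} toy_state;

/* Constructed toy format: 2-byte big-endian count, then one byte per
 * selector. Returns SEL_OK or SEL_DATA_ERROR; never writes past the array. */
int load_selectors(toy_state *s, const unsigned char *buf, size_t len)
{
    if (len < 2) return SEL_DATA_ERROR;
    int n = ((buf[0] << 8) | buf[1]) & COUNT_MASK;

    /* The count comes from untrusted input and becomes a loop bound over
     * a fixed-size array, so validate it before the loop runs. */
    if (n < 1 || n > BZ_MAX_SELECTORS) return SEL_DATA_ERROR;
    if ((size_t)n > len - 2) return SEL_DATA_ERROR;   /* truncated input */

    for (int i = 0; i < n; i++)
        s->selectorMtf[i] = buf[2 + i];
    s->nSelectors = n;
    return SEL_OK;
}

int main(void)
{
    static toy_state st;
    static unsigned char in[2 + COUNT_MASK];           /* constructed input */
    int counts[] = { 3, BZ_MAX_SELECTORS, BZ_MAX_SELECTORS + 1, COUNT_MASK };
    for (size_t k = 0; k < sizeof counts / sizeof counts[0]; k++) {
        in[0] = (unsigned char)(counts[k] >> 8);
        in[1] = (unsigned char)(counts[k] & 0xff);
        printf("count %5d -> %s\n", counts[k],
               load_selectors(&st, in, sizeof in) == SEL_OK ? "accepted" : "rejected");
    }
    return 0;
}
```

Without the range check, the 15-bit field can encode counts up to 32767, well past the array's capacity, which is the gap between field width and buffer size that fuzzing tends to find.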