Google Git
Sign in
fuchsia / third_party / bzip2 / c1cdd98db3238cb711c7d9cdc5671452ce2822cb
commitc1cdd98db3238cb711c7d9cdc5671452ce2822cb[log] [tgz]
authorMark Wielaard <mark@klomp.org>Mon Jun 24 00:45:32 2019 +0200
committerMark Wielaard <mark@klomp.org>Mon Jun 24 00:58:47 2019 +0200
treeab84c05bb15b96f655c1914a9907a38c4d76f0fe
parent833548edc0eb4af85ce8da193835f0f31a6c300f [diff]
bzip2recover: Fix use after free issue with outFile.

bzip2recover.c (main): Make sure to set outFile to NULL when done.

This was reported as CVE-2016-3189 and found in multiple distributions.
https://seclists.org/oss-sec/2016/q2/568

Some more analysis can be found in:
https://bugzilla.redhat.com/show_bug.cgi?id=1319648
1 file changed
tree: ab84c05bb15b96f655c1914a9907a38c4d76f0fe
  1. blocksort.c
  2. bz-common.xsl
  3. bz-fo.xsl
  4. bz-html.xsl
  5. bzdiff
  6. bzdiff.1
  7. bzgrep
  8. bzgrep.1
  9. bzip.css
  10. bzip2.1
  11. bzip2.1.preformatted
  12. bzip2.c
  13. bzip2.txt
  14. bzip2recover.c
  15. bzlib.c
  16. bzlib.h
  17. bzlib_private.h
  18. bzmore
  19. bzmore.1
  20. CHANGES
  21. compress.c
  22. crctable.c
  23. decompress.c
  24. dlltest.c
  25. dlltest.dsp
  26. entities.xml
  27. format.pl
  28. huffman.c
  29. libbz2.def
  30. libbz2.dsp
  31. LICENSE
  32. Makefile
  33. Makefile-libbz2_so
  34. makefile.msc
  35. manual.xml
  36. mk251.c
  37. randtable.c
  38. README
  39. README.COMPILATION.PROBLEMS
  40. README.XML.STUFF
  41. release-update.sh
  42. sample1.bz2
  43. sample1.ref
  44. sample2.bz2
  45. sample2.ref
  46. sample3.bz2
  47. sample3.ref
  48. spewG.c
  49. unzcrash.c
  50. words0
  51. words1
  52. words2
  53. words3
  54. xmlproc.sh