Google Git
Sign in
fuchsia / third_party / bzip2 / f2552dac2d5627dc249d1c16bfc5966db13de869
commitf2552dac2d5627dc249d1c16bfc5966db13de869[log] [tgz]
authorAmin Hassani <ahassani@chromium.org>Fri Mar 08 09:58:20 2019 -0800
committerSen Jiang <senj@google.com>Fri Mar 29 17:42:48 2019 -0700
tree459c0897fe282d9f4f3f440aaf2b9e12db40ccae
parentac0f84bf6789a6bf512478bad525320479872341 [diff]
Check for upper bounds of nselectors.

Currently there is no check for the upper bounds of the
nselectors. Hence, a corrupt input can cause a segfault.

This issue was discovered by one of our fuzzers. The actual error was:

../bzip2-1.0.6/decompress.c:299:10: runtime error: index 18002 out of bounds for type 'UChar [18002]'

Change-Id: I1f749ca7a54cce95d671f184b6425ac659767ffc
1 file changed
tree: 459c0897fe282d9f4f3f440aaf2b9e12db40ccae
  1. blocksort.c
  2. BUILD.gn
  3. bz-common.xsl
  4. bz-fo.xsl
  5. bz-html.xsl
  6. bzdiff
  7. bzdiff.1
  8. bzgrep
  9. bzgrep.1
  10. bzip.css
  11. bzip2.1
  12. bzip2.1.preformatted
  13. bzip2.c
  14. bzip2.txt
  15. bzip2recover.c
  16. bzlib.c
  17. bzlib.h
  18. bzlib_private.h
  19. bzmore
  20. bzmore.1
  21. CHANGES
  22. compress.c
  23. crctable.c
  24. decompress.c
  25. dlltest.c
  26. dlltest.dsp
  27. entities.xml
  28. format.pl
  29. huffman.c
  30. libbz2.def
  31. libbz2.dsp
  32. LICENSE
  33. Makefile
  34. Makefile-libbz2_so
  35. makefile.msc
  36. manual.html
  37. manual.pdf
  38. manual.ps
  39. manual.xml
  40. mk251.c
  41. randtable.c
  42. README
  43. README.COMPILATION.PROBLEMS
  44. README.XML.STUFF
  45. sample1.bz2
  46. sample1.ref
  47. sample2.bz2
  48. sample2.ref
  49. sample3.bz2
  50. sample3.ref
  51. spewG.c
  52. unzcrash.c
  53. words0
  54. words1
  55. words2
  56. words3
  57. xmlproc.sh