gnu/packages/patches/p7zip-CVE-2017-17969.patch

   1 Fix CVE-2017-17969:
   2
   3 https://sourceforge.net/p/p7zip/bugs/204/
   4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969
   5
   6 Patch copied from Debian.
   7
   8 Subject: Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
   9 Origin: vendor, https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/27d7/attachment/CVE-2017-17969.patch
  10 Forwarded: https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7
  11 Bug: https://sourceforge.net/p/p7zip/bugs/204/
  12 Bug-Debian: https://bugs.debian.org/888297
  13 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17969
  14 Author: Antoine Beaupré <anarcat@debian.org>
  15 Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
  16 Last-Update: 2018-02-01
  17 Applied-Upstream: 18.00-beta
  18
  19 --- a/CPP/7zip/Compress/ShrinkDecoder.cpp
  20 +++ b/CPP/7zip/Compress/ShrinkDecoder.cpp
  21 @@ -121,8 +121,13 @@ HRESULT CDecoder::CodeReal(ISequentialIn
  22      {
  23        _stack[i++] = _suffixes[cur];
  24        cur = _parents[cur];
  25 +      if (cur >= kNumItems || i >= kNumItems)
  26 +        break;
  27      }
  28 -
  29 +
  30 +    if (cur >= kNumItems || i >= kNumItems)
  31 +      break;
  32 +
  33      _stack[i++] = (Byte)cur;
  34      lastChar2 = (Byte)cur;
  35