abfcc20018
patch taken from the Debian package: https://anonscm.debian.org/cgit/users/robert/p7zip.git/tree/debian/patches/13-CVE-2017-17969.patch Closes: #11399 [via git-merge-pr]
26 lines
800 B
Diff
26 lines
800 B
Diff
From: =?utf-8?q?Antoine_Beaupr=C3=A9?= <anarcat@debian.org>
|
|
Date: Sun, 28 Jan 2018 21:19:50 +0100
|
|
Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta
|
|
|
|
---
|
|
CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/CPP/7zip/Compress/ShrinkDecoder.cpp b/CPP/7zip/Compress/ShrinkDecoder.cpp
|
|
index 80b7e67..4acdce5 100644
|
|
--- CPP/7zip/Compress/ShrinkDecoder.cpp
|
|
+++ CPP/7zip/Compress/ShrinkDecoder.cpp
|
|
@@ -121,7 +121,12 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream *
|
|
{
|
|
_stack[i++] = _suffixes[cur];
|
|
cur = _parents[cur];
|
|
- }
|
|
+ if (i >= kNumItems)
|
|
+ break;
|
|
+ }
|
|
+
|
|
+ if (i >= kNumItems)
|
|
+ break;
|
|
|
|
_stack[i++] = (Byte)cur;
|
|
lastChar2 = (Byte)cur;
|