main/p7zip/CVE-2016-9296.patch


1
2
3
4
5
6
7
8
9
10
11
12

--- p7zip_15.14.1/CPP/7zip/Archive/7z/7zIn.cpp	2016-12-01 08:15:42.846399878 +0000
+++ p7zip_15.14.1.orig/CPP/7zip/Archive/7z/7zIn.cpp	2016-02-23 21:50:06.000000000 +0000
@@ -1091,7 +1091,8 @@
       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
         ThrowIncorrect();
   }
+  if (folders.PackPositions) // this line is fixing CVE-2016-9296
+    HeadersSize += folders.PackPositions[folders.NumPackStreams];
-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
   return S_OK;
 }