author | Natanael Copa <ncopa@alpinelinux.org> | 2015-06-09 07:09:35 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-06-09 07:16:13 +0000 |
commit | 2fafe3d1eb933216776b191c85565ec5289161da (patch) | |
tree | 90a90fe794532c06bf307702f1167ed0ebf750f7 /main/squashfs-tools/vla-overlow.patch | |
parent | 304f22a6f1c25557fdae7f54de534871a9956377 (diff) | |
download | aports-2fafe3d1eb933216776b191c85565ec5289161da.tar.bz2 aports-2fafe3d1eb933216776b191c85565ec5289161da.tar.xz |
main/squashfs-tools: fix variable length array overflow
We cannot guarantee that the block size specified in user data will not
overflow the stack, so we need to use malloc.
This fixes a segfault when running unsquashfs.
Diffstat (limited to 'main/squashfs-tools/vla-overlow.patch')
-rw-r--r-- | main/squashfs-tools/vla-overlow.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/main/squashfs-tools/vla-overlow.patch b/main/squashfs-tools/vla-overlow.patch
new file mode 100644
index 000000000..a9840fe01
--- /dev/null
+++ b/main/squashfs-tools/vla-overlow.patch
@@ -0,0 +1,21 @@
+--- ./squashfs-tools/unsquashfs.c.orig
++++ ./squashfs-tools/unsquashfs.c
+@@ -2099,7 +2099,9 @@
+ */
+ void *inflator(void *arg)
+ {
+- char tmp[block_size];
++ char *tmp = malloc(block_size);
++ if(tmp == NULL)
++ EXIT_UNSQUASH("Out of memory allocating block buffer\n");
+
+ while(1) {
+ struct cache_entry *entry = queue_get(to_inflate);
+@@ -2122,6 +2124,7 @@
+ */
+ cache_block_ready(entry, res == -1);
+ }
++ free(tmp);
+ }
+
+
|
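Review bot: The `malloc(block_size)` at the top of `inflator()` removes the stack overflow, but `block_size` is still taken from the image as-is and nothing in this patch bounds it, so an oversized or zero value in a malformed image still reaches the allocator and whatever later uses `tmp` as a block-sized buffer. The value should be rejected where the superblock is read, before any worker thread starts, for example `if(block_size == 0 || block_size > 1048576) EXIT_UNSQUASH("Invalid block size in superblock\n");` (1 MiB is the largest block size the format allows). That code is outside this patch, so confirm whether such a check already exists and whether `block_log` is validated alongside it. Separately, the `free(tmp)` added in the second hunk sits after a `while(1)` loop whose body is only partly visible; if the loop never breaks, the call is unreachable and deserves a comment such as `/* not reached: thread runs until process exit */`.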