lzop: add overflow check
See CVE-2014-4607
http://www.openwall.com/lists/oss-security/2014/06/26/20
function old new delta
lzo1x_decompress_safe 1010 1031 +21
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
index 9bc1270..40b167e 100644
--- a/archival/libarchive/lzo1x_d.c
+++ b/archival/libarchive/lzo1x_d.c
@@ -92,6 +92,7 @@
ip++;
NEED_IP(1);
}
+ TEST_IV(t);
t += 15 + *ip++;
}
/* copy literals */
@@ -224,6 +225,7 @@
ip++;
NEED_IP(1);
}
+ TEST_IV(t);
t += 31 + *ip++;
}
#if defined(COPY_DICT)
@@ -265,6 +267,7 @@
ip++;
NEED_IP(1);
}
+ TEST_IV(t);
t += 7 + *ip++;
}
#if defined(COPY_DICT)