Package: unzip / 6.0-26

26-cve-2019-13232-fix-bug-in-uzinflate.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
From: Mark Adler <madler@alumni.caltech.edu>
Subject: Fix bug in UZinflate() that incorrectly updated G.incnt.
Origin: https://github.com/madler/unzip/commit/5c572555cf5d80309a07c30cf7a54b2501493720
X-Debian-version: 6.0-26

    Fix bug in UZinflate() that incorrectly updated G.incnt.
    
    The update assumed a full buffer, which is not always full. This
    could result in a false overlapped element detection when a small
    deflate-compressed file was unzipped using an old zlib. This
    commit remedies that.

--- a/inflate.c
+++ b/inflate.c
@@ -700,7 +700,7 @@
       G.dstrm.total_out));
 
     G.inptr = (uch *)G.dstrm.next_in;
-    G.incnt = (G.inbuf + INBUFSIZ) - G.inptr;  /* reset for other routines */
+    G.incnt -= G.inptr - G.inbuf;       /* reset for other routines */
 
 uzinflate_cleanup_exit:
     err = inflateReset(&G.dstrm);