Make sure nSelectors is not out of range - bzip2 - A mirror of https://sourceware.org/git/bzip2.git

diff options

author	Albert Astals Cid <aacid@kde.org>	2019-05-28 19:35:18 +0200
committer	Mark Wielaard <mark@klomp.org>	2019-06-24 15:34:05 +0200
commit	7ed62bfb46e87a9e878712603469440e6882b184 (patch)
tree	2ab31d696610797b6913cce701a71e70eb19a6a7 /README
parent	16f2c753f9959e8d7c7e1fa771b8ccc5821427aa (diff)
download	bzip2-7ed62bfb46e87a9e878712603469440e6882b184.tar.gz bzip2-7ed62bfb46e87a9e878712603469440e6882b184.tar.bz2 bzip2-7ed62bfb46e87a9e878712603469440e6882b184.zip

Make sure nSelectors is not out of range

nSelectors is used in a loop from 0 to nSelectors to access selectorMtf which is UChar selectorMtf[BZ_MAX_SELECTORS]; so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory access Fixes out of bounds access discovered while fuzzying karchive This was reported as CVE-2019-12900 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Diffstat (limited to 'README')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: