cve20149636.patch 1.0 KB

1234567891011121314151617181920212223242526
  1. diff --git a/extract.c b/extract.c
  2. index a0a4929..9ef80b3 100644
  3. --- a/extract.c
  4. +++ b/extract.c
  5. @@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
  6. ulg eb_ucsize;
  7. uch *eb_ucptr;
  8. int r;
  9. + ush method;
  10. if (compr_offset < 4) /* field is not compressed: */
  11. return PK_OK; /* do nothing and signal OK */
  12. @@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
  13. eb_size <= (compr_offset + EB_CMPRHEADLEN)))
  14. return IZ_EF_TRUNC; /* no compressed data! */
  15. + method = makeword(eb + (EB_HEADSIZE + compr_offset));
  16. + if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
  17. + return PK_ERR; /* compressed & uncompressed
  18. + * should match in STORED
  19. + * method */
  20. +
  21. if (
  22. #ifdef INT_16BIT
  23. (((ulg)(extent)eb_ucsize) != eb_ucsize) ||