mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-26 22:38:07 -05:00
20 lines
695 B
Diff
20 lines
695 B
Diff
|
Fix CVE-2017-5979:
|
||
|
|
||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979
|
||
|
|
||
|
Patch copied from Debian.
|
||
|
|
||
|
Index: zziplib-0.13.62/zzip/fseeko.c
|
||
|
===================================================================
|
||
|
--- zziplib-0.13.62.orig/zzip/fseeko.c
|
||
|
+++ zziplib-0.13.62/zzip/fseeko.c
|
||
|
@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
|
||
|
return 0;
|
||
|
/* we read out chunks of 8 KiB in the hope to match disk granularity */
|
||
|
___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
|
||
|
- ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
|
||
|
+ ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
|
||
|
if (! entry)
|
||
|
return 0;
|
||
|
___ unsigned char *buffer = malloc(pagesize);
|