guix/gnu/packages/patches/lrzip-CVE-2017-8842.patch
Tobias Geerinckx-Rice 5400fdfd5d
gnu: lrzip: Fix CVE-2017-8842.
* gnu/packages/compression.scm (lrzip)[source]: Add patch.
* gnu/packages/patches/lrzip-CVE-2017-8842.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
2018-03-12 18:15:21 +01:00

23 lines
727 B
Diff

From 38386bd482c0a8102a79958cb3eddcb97a167ca3 Mon Sep 17 00:00:00 2001
From: Con Kolivas <kernel@kolivas.org>
Date: Fri, 9 Mar 2018 17:39:40 +1100
Subject: [PATCH] CVE-2017-8842 Fix divide-by-zero in bufRead::get
---
libzpaq/libzpaq.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libzpaq/libzpaq.h b/libzpaq/libzpaq.h
index 93387da..cbe211d 100644
--- a/libzpaq/libzpaq.h
+++ b/libzpaq/libzpaq.h
@@ -465,7 +465,8 @@ struct bufRead: public libzpaq::Reader {
int get() {
if (progress && !(*s_len % 128)) {
- int pct = (total_len - *s_len) * 100 / total_len;
+ int pct = (total_len > 0) ?
+ (total_len - *s_len) * 100 / total_len : 100;
if (pct / 10 != *last_pct / 10) {
int i;