* + zlib-inflate-fix-potential-buffer-overflow.patch added to -mm tree
@ 2017-04-03 22:32 akpm
0 siblings, 0 replies; only message in thread
From: akpm @ 2017-04-03 22:32 UTC (permalink / raw)
To: linux, mm-commits
The patch titled
Subject: lib/zlib_inflate/inftrees.c: fix potential buffer overflow
has been added to the -mm tree. Its filename is
zlib-inflate-fix-potential-buffer-overflow.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/zlib-inflate-fix-potential-buffer-overflow.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/zlib-inflate-fix-potential-buffer-overflow.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Guenter Roeck <linux@roeck-us.net>
Subject: lib/zlib_inflate/inftrees.c: fix potential buffer overflow
smatch says:
lib/zlib_inflate/inftrees.c:240 zlib_inflate_table() error:
buffer overflow 'count' 16 <= 16
The loop calculating the value for 'min', which is later used to access
count[], can indeed result in an index larger than ARRAY_SIZE(count)
if the array is filled with 0.
Fixes: 4f3865fb57a04 ("zlib_inflate: Upgrade library code to a recent version")
Link: http://lkml.kernel.org/r/1491236059-32592-1-git-send-email-linux@roeck-us.net
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/zlib_inflate/inftrees.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -puN lib/zlib_inflate/inftrees.c~zlib-inflate-fix-potential-buffer-overflow lib/zlib_inflate/inftrees.c
--- a/lib/zlib_inflate/inftrees.c~zlib-inflate-fix-potential-buffer-overflow
+++ a/lib/zlib_inflate/inftrees.c
@@ -109,7 +109,7 @@ int zlib_inflate_table(codetype type, un
*bits = 1;
return 0; /* no symbols, but wait for decoding to report error */
}
- for (min = 1; min <= MAXBITS; min++)
+ for (min = 1; min < MAXBITS; min++)
if (count[min] != 0) break;
if (root < min) root = min;
_
Patches currently in -mm which might be from linux@roeck-us.net are
zlib-inflate-fix-potential-buffer-overflow.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-04-03 22:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-03 22:32 + zlib-inflate-fix-potential-buffer-overflow.patch added to -mm tree akpm
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.