All of lore.kernel.org
 help / color / mirror / Atom feed
* + zlib-inflate-fix-potential-buffer-overflow.patch added to -mm tree
@ 2017-04-03 22:32 akpm
  0 siblings, 0 replies; only message in thread
From: akpm @ 2017-04-03 22:32 UTC (permalink / raw)
  To: linux, mm-commits


The patch titled
     Subject: lib/zlib_inflate/inftrees.c: fix potential buffer overflow
has been added to the -mm tree.  Its filename is
     zlib-inflate-fix-potential-buffer-overflow.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/zlib-inflate-fix-potential-buffer-overflow.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/zlib-inflate-fix-potential-buffer-overflow.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Guenter Roeck <linux@roeck-us.net>
Subject: lib/zlib_inflate/inftrees.c: fix potential buffer overflow

smatch says:

lib/zlib_inflate/inftrees.c:240 zlib_inflate_table() error:
	buffer overflow 'count' 16 <= 16

The loop calculating the value for 'min', which is later used to access
count[], can indeed result in an index larger than ARRAY_SIZE(count)
if the array is filled with 0.

Fixes: 4f3865fb57a04 ("zlib_inflate: Upgrade library code to a recent version")
Link: http://lkml.kernel.org/r/1491236059-32592-1-git-send-email-linux@roeck-us.net
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/zlib_inflate/inftrees.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -puN lib/zlib_inflate/inftrees.c~zlib-inflate-fix-potential-buffer-overflow lib/zlib_inflate/inftrees.c
--- a/lib/zlib_inflate/inftrees.c~zlib-inflate-fix-potential-buffer-overflow
+++ a/lib/zlib_inflate/inftrees.c
@@ -109,7 +109,7 @@ int zlib_inflate_table(codetype type, un
         *bits = 1;
         return 0;     /* no symbols, but wait for decoding to report error */
     }
-    for (min = 1; min <= MAXBITS; min++)
+    for (min = 1; min < MAXBITS; min++)
         if (count[min] != 0) break;
     if (root < min) root = min;
 
_

Patches currently in -mm which might be from linux@roeck-us.net are

zlib-inflate-fix-potential-buffer-overflow.patch


^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2017-04-03 22:33 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-03 22:32 + zlib-inflate-fix-potential-buffer-overflow.patch added to -mm tree akpm

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.