| p7zip: Update CVE-2016-9296 patch URL. |
| From: Robert Luberda <robert@debian.org> |
| Date: Sat, 19 Nov 2016 08:48:08 +0100 |
| Subject: Fix nullptr dereference (CVE-2016-9296) |
| |
| Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ |
| This patch file taken from Debian's patch set for p7zip |
| |
| Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/] |
| CVE: CVE-2016-9296 |
| |
| Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> |
| |
| Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp |
| =================================================================== |
| --- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp |
| +++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp |
| @@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS |
| if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) |
| ThrowIncorrect(); |
| } |
| - HeadersSize += folders.PackPositions[folders.NumPackStreams]; |
| + if (folders.PackPositions) |
| + HeadersSize += folders.PackPositions[folders.NumPackStreams]; |
| return S_OK; |
| } |
| |