| Patrick Williams | 8e7b46e | 2023-05-01 14:19:06 -0500 | [diff] [blame^] | 1 | p7zip: Update CVE-2016-9296 patch URL. |
| 2 | From: Robert Luberda <robert@debian.org> |
| 3 | Date: Sat, 19 Nov 2016 08:48:08 +0100 |
| 4 | Subject: Fix nullptr dereference (CVE-2016-9296) |
| 5 | |
| 6 | Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ |
| 7 | This patch file taken from Debian's patch set for p7zip |
| 8 | |
| 9 | Upstream-Status: Backport [https://sourceforge.net/p/p7zip/bugs/185/] |
| 10 | CVE: CVE-2016-9296 |
| 11 | |
| 12 | Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> |
| 13 | |
| 14 | Index: p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp |
| 15 | =================================================================== |
| 16 | --- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp |
| 17 | +++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp |
| 18 | @@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS |
| 19 | if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) |
| 20 | ThrowIncorrect(); |
| 21 | } |
| 22 | - HeadersSize += folders.PackPositions[folders.NumPackStreams]; |
| 23 | + if (folders.PackPositions) |
| 24 | + HeadersSize += folders.PackPositions[folders.NumPackStreams]; |
| 25 | return S_OK; |
| 26 | } |
| 27 | |