Andrew Geissler | c723b72 | 2021-01-08 16:14:09 -0600 | [diff] [blame] | 1 | From 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48 Mon Sep 17 00:00:00 2001 |
| 2 | From: Andreas Gruenbacher <agruen@gnu.org> |
| 3 | Date: Mon, 15 Jul 2019 19:10:02 +0200 |
| 4 | Subject: Avoid invalid memory access in context format diffs |
| 5 | |
| 6 | * src/pch.c (another_hunk): Avoid invalid memory access in context format |
| 7 | diffs. |
| 8 | |
| 9 | CVE: CVE-2019-20633 |
| 10 | Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=15b158db3ae11cb835f2eb8d2eb48e09d1a4af48] |
| 11 | Signed-off-by: Scott Murray <scott.murray@konsulko.com> |
| 12 | |
| 13 | --- |
| 14 | src/pch.c | 1 + |
| 15 | 1 file changed, 1 insertion(+) |
| 16 | |
| 17 | diff --git a/src/pch.c b/src/pch.c |
| 18 | index a500ad9..cb54e03 100644 |
| 19 | --- a/src/pch.c |
| 20 | +++ b/src/pch.c |
| 21 | @@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev) |
| 22 | ptrn_prefix_context = context; |
| 23 | ptrn_suffix_context = context; |
| 24 | if (repl_beginning |
| 25 | + || p_end <= 0 |
| 26 | || (p_end |
| 27 | != p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n'))) |
| 28 | { |
| 29 | -- |
| 30 | cgit v1.2.1 |
| 31 | |