From 25dbded13a57b4bae4ba219a5d2874b7035d389e Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Thu, 5 Jul 2018 20:25:27 -0500 Subject: user/squashfs-tools: pull in, fix, take --- user/squashfs-tools/CVE-2015-4645.patch | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 user/squashfs-tools/CVE-2015-4645.patch (limited to 'user/squashfs-tools/CVE-2015-4645.patch') diff --git a/user/squashfs-tools/CVE-2015-4645.patch b/user/squashfs-tools/CVE-2015-4645.patch new file mode 100644 index 000000000..f69025f18 --- /dev/null +++ b/user/squashfs-tools/CVE-2015-4645.patch @@ -0,0 +1,29 @@ +diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c +index ecdaac796f09..2c0cf63daf67 100644 +--- a/squashfs-tools/unsquash-4.c ++++ b/squashfs-tools/unsquash-4.c +@@ -31,9 +31,9 @@ static unsigned int *id_table; + int read_fragment_table_4(long long *directory_table_end) + { + int res, i; +- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); +- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); +- long long fragment_table_index[indexes]; ++ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); ++ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); ++ long long *fragment_table_index; + + TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " + "from 0x%llx\n", sBlk.s.fragments, indexes, +@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end) + return TRUE; + } + ++ fragment_table_index = malloc(indexes*sizeof(long long)); ++ if(fragment_table_index == NULL) ++ EXIT_UNSQUASH("read_fragment_table: failed to allocate " ++ "fragment table index\n"); ++ + fragment_table = malloc(bytes); + if(fragment_table == NULL) + EXIT_UNSQUASH("read_fragment_table: failed to allocate " -- cgit v1.2.3-60-g2f50