guix-devel/gnu/packages/patches/zziplib-CVE-2017-5979.patch

20 lines
695 B
Diff

Fix CVE-2017-5979:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979
Patch copied from Debian.
Index: zziplib-0.13.62/zzip/fseeko.c
===================================================================
--- zziplib-0.13.62.orig/zzip/fseeko.c
+++ zziplib-0.13.62/zzip/fseeko.c
@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
return 0;
/* we read out chunks of 8 KiB in the hope to match disk granularity */
___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
- ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
+ ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
if (! entry)
return 0;
___ unsigned char *buffer = malloc(pagesize);