~ruther/guix-local

ref: b200ecdeb2ba97bcaeec04a4da5e31736f00a5ea guix-local/gnu/packages/patches/zziplib-CVE-2017-5979.patch -rw-r--r-- 695 bytes
b200ecde — Efraim Flashner gnu: Add gama. 8 years ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

Fix CVE-2017-5979:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979

Patch copied from Debian.

Index: zziplib-0.13.62/zzip/fseeko.c
===================================================================
--- zziplib-0.13.62.orig/zzip/fseeko.c
+++ zziplib-0.13.62/zzip/fseeko.c
@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
         return 0;
     /* we read out chunks of 8 KiB in the hope to match disk granularity */
     ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
-    ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
+    ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
     if (! entry)
         return 0;
     ___ unsigned char *buffer = malloc(pagesize);