[Bug 10871] Heap overflow in decompress_unlzma
bugzilla at busybox.net
bugzilla at busybox.net
Mon May 28 05:44:49 UTC 2018
https://bugs.busybox.net/show_bug.cgi?id=10871
Andrej Valek <andrej.valek at siemens.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|FIXED |---
Status|RESOLVED |REOPENED
--- Comment #17 from Andrej Valek <andrej.valek at siemens.com> ---
As I have already said in comment #14 . I have about 20 reproducers.
Why didn't You use my fixing patch? Your fix doesn't make any sense. Putting
'if (pos >= buffer_size)' into 'if ((int32_t)pos < 0)' is totally wrong. You
can't check buffer index only if pos overflowed. I have explained it in the
mentioned comment.
So, please use my fixing patch. After applying it, you can close this without
any pending issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list