Hi all,
A fix for CVE-2021-45261 ("patch: Invalid Pointer via another_hunk
function") has been posted by Petr Sumbera in:
https://savannah.gnu.org/bugs/?61685
I tested the patch, which looks sane (not that I'm familiar with the
code, but at least it makes sense to me) and can confirm that it
prevents the segmentation fault on patch 2.7.6. I also tested on patch
2.8, but the reproducer was already no longer reaching the segmentation
fault as patch 2.8 was catching other problems and stopping earlier
(which is good).
So I think this fix could be committed to the git repository, and this
bug closed?
Thanks,
--
Jean Delvare
SUSE L3 Support
