On 18/01/2015 22:00, Sebastian Andrzej Siewior wrote:
On 2015-01-18 18:59:33 [+0100], Jakub Wilk wrote:
Sorry, it's me again! libmspack crashes on the attached file:
As I've seen your ubsan reports, I assumed you were done. Wrong this
was.

$ gpg -d < crash.chm.asc > crash.chm
$ test/chmd_md5 crash.chm
*** crash.chm

but it'd be better to fix the thing that sets "p" to a value past the "end".
So something like the patch attached then? But this should be
double-checked in case we properly come to end and don't continue
using p anymore. But not today…

I made this change instead.

@@ -254,7 +254,7 @@
 #define READ_ENCINT(var) do {                  \
     (var) = 0;                                 \
     do {                                       \
-       if (p > end) goto chunk_end;            \
+       if (p >= end) goto chunk_end;           \
        (var) = ((var) << 7) | (*p & 0x7F);     \
     } while (*p++ & 0x80);                     \
 } while (0)
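
Review bot: The inner loop of READ_ENCINT still puts no limit on the number of continuation bytes. While "*p++ & 0x80" stays set and p is below end, "(var) = ((var) << 7) | (*p & 0x7F)" keeps shifting, so a long run of such bytes pushes the earlier bits out of (var), or overflows it if (var) is signed (its type is not visible in this hunk). Consider counting iterations and jumping to chunk_end once the value can no longer fit in (var). The new "p >= end" test is correct only if "end" points one past the last readable byte; a one-line comment on the macro stating that would keep the next reader from reverting it. Also worth confirming that code at chunk_end never uses a (var) left partially accumulated by a truncated integer.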

Regards
Stuart

