summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'sys-fs/squashfs-tools/files/squashfs-tools-4.3-mem-overflow.patch')
-rw-r--r--sys-fs/squashfs-tools/files/squashfs-tools-4.3-mem-overflow.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/sys-fs/squashfs-tools/files/squashfs-tools-4.3-mem-overflow.patch b/sys-fs/squashfs-tools/files/squashfs-tools-4.3-mem-overflow.patch
new file mode 100644
index 000000000000..a9b000149e4e
--- /dev/null
+++ b/sys-fs/squashfs-tools/files/squashfs-tools-4.3-mem-overflow.patch
@@ -0,0 +1,35 @@
+taken from Fedora
+
+From 604b607d8ac91eb8afc0b6e3d917d5c073096103 Mon Sep 17 00:00:00 2001
+From: Phillip Lougher <phillip@squashfs.org.uk>
+Date: Wed, 11 Jun 2014 04:51:37 +0100
+Subject: mksquashfs: ensure value does not overflow a signed int in -mem
+ option
+
+Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
+
+diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c
+index 5370ecf..9676dc8 100644
+--- a/squashfs-tools/mksquashfs.c
++++ b/squashfs-tools/mksquashfs.c
+@@ -5193,7 +5193,16 @@ print_compressor_options:
+ argv[0]);
+ exit(1);
+ }
+- /* convert from bytes to Mbytes */
++
++ /*
++ * convert from bytes to Mbytes, ensuring the value
++ * does not overflow a signed int
++ */
++ if(number >= (1LL << 51)) {
++ ERROR("%s: -mem invalid mem size\n", argv[0]);
++ exit(1);
++ }
++
+ total_mem = number / 1048576;
+ if(total_mem < (SQUASHFS_LOWMEM / SQUASHFS_TAKE)) {
+ ERROR("%s: -mem should be %d Mbytes or "
+--
+cgit v0.10.1
+