[src/trunk]: src/external/bsd/libarchive/dist/libarchive provisional fix for ...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/bc23705a975a
branches:  trunk
changeset: 768383:bc23705a975a
user:      christos <christos%NetBSD.org@localhost>
date:      Tue Aug 16 03:33:37 2011 +0000

description:
provisional fix for CVS-2011-2895, buffer overflow during decompress

diffstat:

 external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c |  6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diffs (23 lines):

diff -r 5b68b105ee6e -r bc23705a975a external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c
--- a/external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c       Tue Aug 16 03:25:34 2011 +0000
+++ b/external/bsd/libarchive/dist/libarchive/archive_read_support_compression_compress.c       Tue Aug 16 03:33:37 2011 +0000
@@ -362,6 +362,7 @@
        }
 
        if (code > state->free_ent) {
+out:
                /* An invalid code is a fatal error. */
                archive_set_error(&(self->archive->archive), -1,
                    "Invalid compressed data");
@@ -376,6 +377,11 @@
 
        /* Generate output characters in reverse order. */
        while (code >= 256) {
+               // XXX: long -> ptrdiff_t, but don't want to bother with
+               // autoconf for now.
+               if (state->stackp - state->stack >=
+                   (long)(sizeof(state->stack) - 1))
+                       goto out;
                *state->stackp++ = state->suffix[code];
                code = state->prefix[code];
        }