mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-14 07:44:21 +08:00
decompress_bunzip2: fix rare decompression failure
commitbf6acd5d16
upstream. The decompression code parses a huffman tree and counts the number of symbols for a given bit length. In rare cases, there may be >= 256 symbols with a given bit length, causing the unsigned char to overflow. This causes a decompression failure later when the code tries and fails to find the bit length for a given symbol. Since the maximum number of symbols is 258, use unsigned short instead. Link: https://lkml.kernel.org/r/20240717162016.1514077-1-ross.lagerwall@citrix.com Fixes:bc22c17e12
("bzip2/lzma: library support for gzip, bzip2 and lzma decompression") Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> Cc: Alain Knaff <alain@knaff.lu> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
8d4fc803ff
commit
362ded08cc
@ -232,7 +232,8 @@ static int INIT get_next_block(struct bunzip_data *bd)
|
|||||||
RUNB) */
|
RUNB) */
|
||||||
symCount = symTotal+2;
|
symCount = symTotal+2;
|
||||||
for (j = 0; j < groupCount; j++) {
|
for (j = 0; j < groupCount; j++) {
|
||||||
unsigned char length[MAX_SYMBOLS], temp[MAX_HUFCODE_BITS+1];
|
unsigned char length[MAX_SYMBOLS];
|
||||||
|
unsigned short temp[MAX_HUFCODE_BITS+1];
|
||||||
int minLen, maxLen, pp;
|
int minLen, maxLen, pp;
|
||||||
/* Read Huffman code lengths for each symbol. They're
|
/* Read Huffman code lengths for each symbol. They're
|
||||||
stored in a way similar to mtf; record a starting
|
stored in a way similar to mtf; record a starting
|
||||||
|
Loading…
Reference in New Issue
Block a user