diff --git a/ChangeLog b/ChangeLog
index b0946c7af..d7014cd24 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-10-03 Werner Lemberg
+
+ [bzip2, gzip] Avoid access of unitialized memory (#46109).
+
+ * src/bzip2/ftbzip2.c (ft_bzip2_file_fill_input), src/gzip/ftgzip.c
+ (ft_gzip_file_fill_input): In case of an error, adjust the limit to
+ avoid copying uninitialized memory.
+
 2015-10-03 Werner Lemberg [bzip2, gzip] Avoid access of unitialized memory (#46109).
diff --git a/src/bzip2/ftbzip2.c b/src/bzip2/ftbzip2.c
index d4a85f28b..cf9473376 100644
--- a/src/bzip2/ftbzip2.c
+++ b/src/bzip2/ftbzip2.c
@@ -254,7 +254,10 @@
 size = stream->read( stream, stream->pos, zip->input, FT_BZIP2_BUFFER_SIZE ); if ( size == 0 )
+ {
+ zip->limit = zip->cursor;
 return FT_THROW( Invalid_Stream_Operation );
+ }
 } else {
@@ -263,7 +266,10 @@
 size = FT_BZIP2_BUFFER_SIZE; if ( size == 0 )
+ {
+ zip->limit = zip->cursor;
 return FT_THROW( Invalid_Stream_Operation );
+ }
 FT_MEM_COPY( zip->input, stream->base + stream->pos, size ); }
diff --git a/src/gzip/ftgzip.c b/src/gzip/ftgzip.c
index 36134a82e..422035c00 100644
--- a/src/gzip/ftgzip.c
+++ b/src/gzip/ftgzip.c
@@ -377,7 +377,10 @@
 size = stream->read( stream, stream->pos, zip->input, FT_GZIP_BUFFER_SIZE ); if ( size == 0 )
+ {
+ zip->limit = zip->cursor;
 return FT_THROW( Invalid_Stream_Operation );
+ }
 } else {
@@ -386,7 +389,10 @@
 size = FT_GZIP_BUFFER_SIZE; if ( size == 0 )
+ {
+ zip->limit = zip->cursor;
 return FT_THROW( Invalid_Stream_Operation );
+ }
 FT_MEM_COPY( zip->input, stream->base + stream->pos, size ); }
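Review bot: The added `zip->limit = zip->cursor;` in the `stream->read` branch of ft_bzip2_file_fill_input has no comment explaining why an input-side failure must reset the limit, and the same two lines are repeated in the in-memory branch of the next hunk and in both branches of ft_gzip_file_fill_input in src/gzip/ftgzip.c. Going by the ChangeLog text, the intent appears to be that after a failed refill a caller comparing cursor against limit sees zero available bytes rather than stale buffer contents; I would state that at the first site, e.g. `/* no input left: mark the window empty so nothing stale is copied */`. Because the guarantee holds only if every error return performs the reset, it is worth checking whether these functions have other early returns, or whether the caller could do the reset once when fill_input reports an error. Both function bodies start and end outside the hunks, so neither can be confirmed from here.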