• Erik de Castro Lopo's avatar
    src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow. · fcf0ba06
    Erik de Castro Lopo authored
    A file provided by the reporters caused the stream decoder to write to
    un-allocated heap space resulting in a segfault. The solution is to
    error out (by returning false from read_residual_partitioned_rice_())
    instead of trying to continue to decode.
    
    Fixes: CVE-2014-9028
    Reported-by: Michele Spagnuolo,
                 Google Security Team <mikispag@google.com>
    fcf0ba06
stream_decoder.c 130 KB