src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow.
A file provided by the reporters caused the stream decoder to write to un-allocated heap space resulting in a segfault. The solution is to error out (by returning false from read_residual_partitioned_rice_()) instead of trying to continue to decode.

Fixes: CVE-2014-9028
Reported-by: Michele Spagnuolo, Google Security Team <firstname.lastname@example.org>
Showing with 2 additions and 1 deletion
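
The fail-safe pattern the commit message describes, as an added example that is not libFLAC's code or part of this commit: a simplified partitioned residual reader that returns false on an inconsistent header instead of continuing to write. All names are hypothetical, the Rice bit reader is replaced by an array of already-decoded values, and the partition layout is assumed from the FLAC format description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, hypothetical names. Assumed layout: a block is split into
 * 2^partition_order partitions of (blocksize >> partition_order) samples, and
 * partition 0 holds predictor_order fewer residuals (the warm-up samples). */
typedef struct {
    const int32_t *values; /* stands in for the Rice-coded bit stream */
    size_t count, pos;
} residual_source;

static bool next_residual(residual_source *src, int32_t *out)
{
    if (src->pos >= src->count) return false; /* input exhausted */
    *out = src->values[src->pos++];
    return true;
}

/* Returns false as soon as the header is inconsistent, the output buffer is
 * full, or input runs out; the caller must then stop decoding the frame. */
bool read_residual_partitioned(residual_source *src, unsigned blocksize,
                               unsigned predictor_order, unsigned partition_order,
                               int32_t *residual, size_t capacity, size_t *written)
{
    *written = 0;
    if (partition_order > 15) return false; /* sanity bound chosen for this model */
    unsigned partition_samples = blocksize >> partition_order;
    /* Without this check, partition_samples - predictor_order wraps around to a
     * huge unsigned count and the loop below would run far past the buffer. */
    if (partition_samples < predictor_order) return false;
    for (unsigned p = 0; p < (1u << partition_order); p++) {
        unsigned n = (p == 0) ? partition_samples - predictor_order : partition_samples;
        for (unsigned i = 0; i < n; i++) {
            if (*written >= capacity) return false; /* never write past residual[] */
            if (!next_residual(src, &residual[*written])) return false;
            (*written)++;
        }
    }
    return true;
}

int main(void)
{
    static const int32_t vals[6] = {1, -2, 3, -4, 5, -6}; /* constructed sample data */
    int32_t out[8]; size_t w;
    residual_source src = {vals, 6, 0};
    bool ok = read_residual_partitioned(&src, 8, 3, 2, out, 8, &w); /* order 3 > 2 samples */
    printf("inconsistent header accepted: %d, samples written: %zu\n", ok, w);
    return 0;
}
```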