diff options
Diffstat (limited to 'games/openlierox/files/patch-CVE-2015-2331')
| -rw-r--r-- | games/openlierox/files/patch-CVE-2015-2331 | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/games/openlierox/files/patch-CVE-2015-2331 b/games/openlierox/files/patch-CVE-2015-2331 deleted file mode 100644 index 36da2c4f5dc8..000000000000 --- a/games/openlierox/files/patch-CVE-2015-2331 +++ /dev/null @@ -1,18 +0,0 @@ -From ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Tue, 17 Mar 2015 21:59:56 -0700 -Subject: Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary - -diff --git a/ext/zip/lib/zip_dirent.c b/ext/zip/lib/zip_dirent.c -index b9dac5c..0090801 100644 ---- libs/libzip/zip_dirent.c -+++ libs/libzip/zip_dirent.c -@@ -101,7 +101,7 @@ _zip_cdir_new(int nentry, struct zip_error *error) - return NULL; - } - -- if ((cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*nentry)) -+ if ( nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) - == NULL) { - _zip_error_set(error, ZIP_ER_MEMORY, 0); - free(cd); |