svn commit: r410664 - in head: archivers/brotli archivers/brotli/files devel/libbrotli devel/libbrotli/files
Jan Beich
jbeich at FreeBSD.org
Tue Mar 8 21:15:17 UTC 2016
Author: jbeich
Date: Tue Mar 8 21:15:16 2016
New Revision: 410664
URL: https://svnweb.freebsd.org/changeset/ports/410664
Log:
archivers/brotli, devel/libbrotli: fix buffer overflow
Obtained from: upstream
Security: 1bcfd963-e483-41b8-ab8e-bad5c3ce49c9
MFH: 2016Q1
Added:
head/archivers/brotli/files/
head/archivers/brotli/files/patch-CVE-2016-1624 (contents, props changed)
head/devel/libbrotli/files/patch-CVE-2016-1624 (contents, props changed)
Modified:
head/archivers/brotli/Makefile (contents, props changed)
head/devel/libbrotli/Makefile (contents, props changed)
Modified: head/archivers/brotli/Makefile
==============================================================================
--- head/archivers/brotli/Makefile Tue Mar 8 21:09:18 2016 (r410663)
+++ head/archivers/brotli/Makefile Tue Mar 8 21:15:16 2016 (r410664)
@@ -4,6 +4,7 @@
PORTNAME= brotli
PORTVERSION= 0.3.0
DISTVERSIONPREFIX= v
+PORTREVISION= 1
CATEGORIES= archivers
MAINTAINER= sunpoet at FreeBSD.org
Added: head/archivers/brotli/files/patch-CVE-2016-1624
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/archivers/brotli/files/patch-CVE-2016-1624 Tue Mar 8 21:15:16 2016 (r410664)
@@ -0,0 +1,24 @@
+From 37a320dd81db8d546cd24a45b4c61d87b45dcade Mon Sep 17 00:00:00 2001
+From: eustas <eustas.ru at gmail.com>
+Date: Thu, 4 Feb 2016 15:35:44 +0100
+Subject: [PATCH] Fix possible pointer underflow
+
+---
+ dec/decode.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dec/decode.c b/dec/decode.c
+index 920959c..892a254 100644
+--- dec/decode.c
++++ dec/decode.c
+@@ -1714,6 +1714,10 @@ static BROTLI_INLINE BrotliResult ProcessCommandsInternal(int safe,
+ } else {
+ const uint8_t *ringbuffer_end_minus_copy_length =
+ s->ringbuffer_end - i;
++ /* Check for possible underflow and clamp the pointer to 0. */
++ if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
++ ringbuffer_end_minus_copy_length = 0;
++ }
+ uint8_t* copy_src = &s->ringbuffer[
+ (pos - s->distance_code) & s->ringbuffer_mask];
+ uint8_t* copy_dst = &s->ringbuffer[pos];
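Review bot: the added test `s->ringbuffer_end < (const uint8_t*)0 + i` relies on arithmetic on a null pointer, and the context line above it has already evaluated `s->ringbuffer_end - i`, so the out-of-range pointer is formed before the check runs. Both are undefined behaviour in C, which lets an optimizing compiler assume the condition is never true and drop the clamp. Comparing integer values instead, for example `(uintptr_t)s->ringbuffer_end < (uintptr_t)i` (assuming `i` is a non-negative length), and doing the subtraction only when that test fails would make the fix independent of compiler behaviour. The patch is taken from upstream, so the change belongs there, but the compiled result in the port is worth checking.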
Modified: head/devel/libbrotli/Makefile
==============================================================================
--- head/devel/libbrotli/Makefile Tue Mar 8 21:09:18 2016 (r410663)
+++ head/devel/libbrotli/Makefile Tue Mar 8 21:15:16 2016 (r410664)
@@ -3,7 +3,7 @@
PORTNAME= libbrotli
PORTVERSION= ${BROTLI_VERSION}
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= devel archivers
MAINTAINER= osa at FreeBSD.org
@@ -24,8 +24,10 @@ GNU_CONFIGURE= yes
MAKE_JOBS_UNSAFE= yes
USE_LDCONFIG= yes
-pre-configure:
+post-extract:
${RMDIR} ${WRKSRC}/brotli && ${MV} ${WRKDIR}/brotli-${BROTLI_VERSION} ${WRKSRC}/brotli
+
+pre-configure:
cd ${WRKSRC} && ./autogen.sh
.include <bsd.port.mk>
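Review bot: the new `post-extract` target needs a comment saying why the `${RMDIR}`/`${MV}` step can no longer live in `pre-configure`; neither the log nor the Makefile explains it. From the visible lines the reason appears to be that files/patch-CVE-2016-1624 targets `brotli/dec/decode.c`, so the bundled source has to be under `${WRKSRC}/brotli` before the patch phase runs. A one-line comment above `post-extract:` would keep a later cleanup from merging the two targets again and silently breaking the patch.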
Added: head/devel/libbrotli/files/patch-CVE-2016-1624
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/libbrotli/files/patch-CVE-2016-1624 Tue Mar 8 21:15:16 2016 (r410664)
@@ -0,0 +1,24 @@
+From 37a320dd81db8d546cd24a45b4c61d87b45dcade Mon Sep 17 00:00:00 2001
+From: eustas <eustas.ru at gmail.com>
+Date: Thu, 4 Feb 2016 15:35:44 +0100
+Subject: [PATCH] Fix possible pointer underflow
+
+---
+ dec/decode.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dec/decode.c b/dec/decode.c
+index 920959c..892a254 100644
+--- brotli/dec/decode.c
++++ brotli/dec/decode.c
+@@ -1714,6 +1714,10 @@ static BROTLI_INLINE BrotliResult ProcessCommandsInternal(int safe,
+ } else {
+ const uint8_t *ringbuffer_end_minus_copy_length =
+ s->ringbuffer_end - i;
++ /* Check for possible underflow and clamp the pointer to 0. */
++ if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
++ ringbuffer_end_minus_copy_length = 0;
++ }
+ uint8_t* copy_src = &s->ringbuffer[
+ (pos - s->distance_code) & s->ringbuffer_mask];
+ uint8_t* copy_dst = &s->ringbuffer[pos];
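Review bot: the added `if` block sits between the declaration of `ringbuffer_end_minus_copy_length` and the declarations of `copy_src` and `copy_dst`, which is a declaration after a statement; strict C89 compilers reject that and `-Wdeclaration-after-statement` flags it. Placing the check after the declarations that follow would avoid the problem without changing behaviour. This file also differs from the archivers/brotli copy only in the `brotli/` prefix on the `---`/`+++` lines, so any follow-up to the fix has to be applied to both copies.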