svn commit: r410670 - in branches/2016Q1/archivers/brotli: . files

Jan Beich jbeich at FreeBSD.org
Tue Mar 8 23:13:45 UTC 2016 

Author: jbeich
Date: Tue Mar  8 23:13:43 2016
New Revision: 410670
URL: https://svnweb.freebsd.org/changeset/ports/410670

Log:
  MFH: r410664
  
  archivers/brotli: fix buffer overflow
  
  Obtained from:	upstream
  Security:	1bcfd963-e483-41b8-ab8e-bad5c3ce49c9
  Approved by:	ports-secteam (feld)

Added:
  branches/2016Q1/archivers/brotli/files/patch-CVE-2016-1624
     - copied, changed from r410664, head/archivers/brotli/files/patch-CVE-2016-1624
Modified:
  branches/2016Q1/archivers/brotli/Makefile
Directory Properties:
  branches/2016Q1/   (props changed)

Modified: branches/2016Q1/archivers/brotli/Makefile
==============================================================================
--- branches/2016Q1/archivers/brotli/Makefile	Tue Mar  8 22:55:54 2016	(r410669)
+++ branches/2016Q1/archivers/brotli/Makefile	Tue Mar  8 23:13:43 2016	(r410670)
@@ -4,7 +4,7 @@
 PORTNAME=	brotli
 PORTVERSION=	0.2.0
 DISTVERSIONPREFIX=	v
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	archivers
 
 MAINTAINER=	sunpoet at FreeBSD.org

Copied and modified: branches/2016Q1/archivers/brotli/files/patch-CVE-2016-1624 (from r410664, head/archivers/brotli/files/patch-CVE-2016-1624)
==============================================================================
--- head/archivers/brotli/files/patch-CVE-2016-1624	Tue Mar  8 21:15:16 2016	(r410664, copy source)
+++ branches/2016Q1/archivers/brotli/files/patch-CVE-2016-1624	Tue Mar  8 23:13:43 2016	(r410670)
@@ -11,14 +11,14 @@ diff --git a/dec/decode.c b/dec/decode.c
 index 920959c..892a254 100644
 --- dec/decode.c
 +++ dec/decode.c
-@@ -1714,6 +1714,10 @@ static BROTLI_INLINE BrotliResult ProcessCommandsInternal(int safe,
-   } else {
-     const uint8_t *ringbuffer_end_minus_copy_length =
-         s->ringbuffer_end - i;
-+    /* Check for possible underflow and clamp the pointer to 0. */
-+    if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
-+      ringbuffer_end_minus_copy_length = 0;
-+    }
-     uint8_t* copy_src = &s->ringbuffer[
-         (pos - s->distance_code) & s->ringbuffer_mask];
-     uint8_t* copy_dst = &s->ringbuffer[pos];
+@@ -1410,6 +1410,10 @@ postReadDistance:
+         } else {
+           const uint8_t *ringbuffer_end_minus_copy_length =
+               s->ringbuffer_end - i;
++          /* Check for possible underflow and clamp the pointer to 0. */
++          if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) {
++              ringbuffer_end_minus_copy_length = 0;
++          }
+           copy_src = &s->ringbuffer[(pos - s->distance_code) &
+                                     s->ringbuffer_mask];
+           copy_dst = &s->ringbuffer[pos];

More information about the svn-ports-branches mailing list