gnu/packages/patches/zziplib-CVE-2017-5979.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

Fix CVE-2017-5979:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979

Patch copied from Debian.

Index: zziplib-0.13.62/zzip/fseeko.c
===================================================================
--- zziplib-0.13.62.orig/zzip/fseeko.c
+++ zziplib-0.13.62/zzip/fseeko.c
@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
         return 0;
     /* we read out chunks of 8 KiB in the hope to match disk granularity */
     ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
-    ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
+    ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
     if (! entry)
         return 0;
     ___ unsigned char *buffer = malloc(pagesize);