File CVE-2019-6250.patch of Package zeromq.10568
Author: Guido Vranken <email@example.com>
Description: pointer overflow in zmq::v2_decoder_t::size_ready
leading to remote code execution (issue #3351).
Refactor bounds check arithmetic such that no overflow shall occur
@@ -108,7 +108,7 @@ int zmq::v2_decoder_t::size_ready(uint64_t msg_size, unsigned char const* read_p
// the current message can exceed the current buffer. We have to copy the buffer
// data into a new message and complete it in the next receive.
- if (unlikely ((unsigned char*)read_pos + msg_size > (data() + size())))
+ if (unlikely (msg_size > (size_t) (data () + size () - read_pos)))
// a new message has started, but the size would exceed the pre-allocated arena
// this happens every time when a message does not fit completely into the buffer