File CVE-2022-0530.patch of Package unzip.35382

From: Enrico Zini <enrico@debian.org>
Subject: Fix null pointer dereference on invalid UTF-8 input
Bug-Debian: https://bugs.debian.org/1010355
X-Debian-version: 6.0-27

--- a/fileio.c
+++ b/fileio.c
@@ -2361,6 +2361,9 @@
                   /* convert UTF-8 to local character set */
                   fn = utf8_to_local_string(G.unipath_filename,
                                             G.unicode_escape_all);
+                  if (fn == NULL)
+                    return PK_ERR;
+
                   /* make sure filename is short enough */
                   if (strlen(fn) >= FILNAMSIZ) {
                     fn[FILNAMSIZ - 1] = '\0';
--- a/process.c
+++ b/process.c
@@ -2611,6 +2611,8 @@
   int escape_all;
 {
   zwchar *wide = utf8_to_wide_string(utf8_string);
+  if (wide == NULL)
+    return NULL;
   char *loc = wide_to_local_string(wide, escape_all);
   free(wide);
   return loc;
openSUSE Build Service is sponsored by