File bsdiff-fix-heap-vul.patch of Package bsdiff
--- b/bspatch.c
+++ c/bspatch.c
@@ -152,6 +152,10 @@ int main(int argc,char * argv[])
 };
 /* Sanity-check */
+ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
+
+ /* Sanity-check */
 if(newpos+ctrl[0]>newsize)
 errx(1,"Corrupt patch\n");
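Review bot: The bounds check right after the new guard, `if(newpos+ctrl[0]>newsize)`, still adds two values before comparing, so a very large positive ctrl[0] read from the patch file can overflow the sum (undefined behaviour if these are signed, as the `< 0` test implies) and pass the check; the added guard rejects only negative lengths. With ctrl[0] now known to be non-negative, the comparison can avoid the addition: `if(ctrl[0]>newsize-newpos)`, which is safe provided newpos never exceeds newsize, something the surrounding loop (outside this hunk) would need to guarantee. The corresponding check on ctrl[1] is not visible here and presumably needs the same form. The new block also repeats the comment `/* Sanity-check */`; a comment such as `/* Lengths come from the patch file: reject negative values before they are used as sizes */` would say what is being guarded. main's body starts and ends outside the hunk.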