Overview

File libzip-CVE-2015-2331.patch of Package libzip

https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
Index: lib/zip_dirent.c
===================================================================
--- lib/zip_dirent.c.orig	2015-03-20 10:08:29.778076853 +0100
+++ lib/zip_dirent.c	2015-03-20 10:11:07.913109453 +0100
@@ -110,7 +110,7 @@
 
     if (nentry == 0)
 	cd->entry = NULL;
-    else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*nentry)) == NULL) {
+    else if (nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*nentry)) == NULL) {
 	_zip_error_set(error, ZIP_ER_MEMORY, 0);
 	free(cd);
 	return NULL;
openSUSE Build Service is sponsored by
Places