| libxml2: Patch for CVE-2018-14567 |
| |
| See https://bugzilla.gnome.org/show_bug.cgi?id=794914 for more details. |
| |
| diff --git a/xzlib.c b/xzlib.c |
| index a839169..0ba88cf 100644 |
| --- a/xzlib.c |
| +++ b/xzlib.c |
| @@ -562,6 +562,10 @@ xz_decomp(xz_statep state) |
| "internal error: inflate stream corrupt"); |
| return -1; |
| } |
| + /* |
| + * FIXME: Remapping a couple of error codes and falling through |
| + * to the LZMA error handling looks fragile. |
| + */ |
| if (ret == Z_MEM_ERROR) |
| ret = LZMA_MEM_ERROR; |
| if (ret == Z_DATA_ERROR) |
| @@ -587,6 +591,11 @@ xz_decomp(xz_statep state) |
| xz_error(state, LZMA_PROG_ERROR, "compression error"); |
| return -1; |
| } |
| + if ((state->how != GZIP) && |
| + (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) { |
| + xz_error(state, ret, "lzma error"); |
| + return -1; |
| + } |
| } while (strm->avail_out && ret != LZMA_STREAM_END); |
| |
| /* update available output and crc check value */ |