Browse code
bb12371 - nsis - manually adding patch by Albert Astals Cid to mitigate bzip2 CVE-2019-12900
Mickey Sola authored on 2019/08/16 06:34:30Showing 1 changed files
| ... | ... |
@@ -155,11 +155,11 @@ Bool unRLE_obuf_to_output_FAST ( DState* s ) |
| 155 | 155 |
|
| 156 | 156 |
/* /\* can a new run be started? *\/ */ |
| 157 | 157 |
/* if (s->nblock_used == s->save_nblock+1) return False; */ |
| 158 |
- |
|
| 158 |
+ |
|
| 159 | 159 |
/* /\* Only caused by corrupt data stream? *\/ */ |
| 160 | 160 |
/* if (s->nblock_used > s->save_nblock+1) */ |
| 161 | 161 |
/* return True; */ |
| 162 |
- |
|
| 162 |
+ |
|
| 163 | 163 |
/* s->state_out_len = 1; */ |
| 164 | 164 |
/* s->state_out_ch = s->k0; */ |
| 165 | 165 |
/* BZ_GET_FAST(k1); BZ_RAND_UPD_MASK; */ |
| ... | ... |
@@ -169,19 +169,19 @@ Bool unRLE_obuf_to_output_FAST ( DState* s ) |
| 169 | 169 |
/* k1 ^= BZ_RAND_MASK; s->nblock_used++; */ |
| 170 | 170 |
/* if (s->nblock_used == s->save_nblock+1) continue; */ |
| 171 | 171 |
/* if (k1 != s->k0) { s->k0 = k1; continue; }; */
|
| 172 |
- |
|
| 172 |
+ |
|
| 173 | 173 |
/* s->state_out_len = 2; */ |
| 174 | 174 |
/* BZ_GET_FAST(k1); BZ_RAND_UPD_MASK; */ |
| 175 | 175 |
/* k1 ^= BZ_RAND_MASK; s->nblock_used++; */ |
| 176 | 176 |
/* if (s->nblock_used == s->save_nblock+1) continue; */ |
| 177 | 177 |
/* if (k1 != s->k0) { s->k0 = k1; continue; }; */
|
| 178 |
- |
|
| 178 |
+ |
|
| 179 | 179 |
/* s->state_out_len = 3; */ |
| 180 | 180 |
/* BZ_GET_FAST(k1); BZ_RAND_UPD_MASK; */ |
| 181 | 181 |
/* k1 ^= BZ_RAND_MASK; s->nblock_used++; */ |
| 182 | 182 |
/* if (s->nblock_used == s->save_nblock+1) continue; */ |
| 183 | 183 |
/* if (k1 != s->k0) { s->k0 = k1; continue; }; */
|
| 184 |
- |
|
| 184 |
+ |
|
| 185 | 185 |
/* BZ_GET_FAST(k1); BZ_RAND_UPD_MASK; */ |
| 186 | 186 |
/* k1 ^= BZ_RAND_MASK; s->nblock_used++; */ |
| 187 | 187 |
/* s->state_out_len = ((Int32)k1) + 4; */ |
| ... | ... |
@@ -223,7 +223,7 @@ Bool unRLE_obuf_to_output_FAST ( DState* s ) |
| 223 | 223 |
} |
| 224 | 224 |
s_state_out_len_eq_one: |
| 225 | 225 |
{
|
| 226 |
- if (cs_avail_out == 0) {
|
|
| 226 |
+ if (cs_avail_out == 0) {
|
|
| 227 | 227 |
c_state_out_len = 1; goto return_notr; |
| 228 | 228 |
}; |
| 229 | 229 |
*cs_next_out = c_state_out_ch; |
| ... | ... |
@@ -231,7 +231,7 @@ Bool unRLE_obuf_to_output_FAST ( DState* s ) |
| 231 | 231 |
cs_next_out++; |
| 232 | 232 |
cs_avail_out--; |
| 233 | 233 |
} |
| 234 |
- } |
|
| 234 |
+ } |
|
| 235 | 235 |
/* Only caused by corrupt data stream? */ |
| 236 | 236 |
if (c_nblock_used > s_save_nblockPP) |
| 237 | 237 |
return True; |
| ... | ... |
@@ -239,25 +239,25 @@ Bool unRLE_obuf_to_output_FAST ( DState* s ) |
| 239 | 239 |
/* can a new run be started? */ |
| 240 | 240 |
if (c_nblock_used == s_save_nblockPP) {
|
| 241 | 241 |
c_state_out_len = 0; goto return_notr; |
| 242 |
- }; |
|
| 242 |
+ }; |
|
| 243 | 243 |
c_state_out_ch = c_k0; |
| 244 | 244 |
BZ_GET_FAST_C(k1); c_nblock_used++; |
| 245 |
- if (k1 != c_k0) {
|
|
| 246 |
- c_k0 = k1; goto s_state_out_len_eq_one; |
|
| 245 |
+ if (k1 != c_k0) {
|
|
| 246 |
+ c_k0 = k1; goto s_state_out_len_eq_one; |
|
| 247 | 247 |
}; |
| 248 |
- if (c_nblock_used == s_save_nblockPP) |
|
| 248 |
+ if (c_nblock_used == s_save_nblockPP) |
|
| 249 | 249 |
goto s_state_out_len_eq_one; |
| 250 |
- |
|
| 250 |
+ |
|
| 251 | 251 |
c_state_out_len = 2; |
| 252 | 252 |
BZ_GET_FAST_C(k1); c_nblock_used++; |
| 253 | 253 |
if (c_nblock_used == s_save_nblockPP) continue; |
| 254 | 254 |
if (k1 != c_k0) { c_k0 = k1; continue; };
|
| 255 |
- |
|
| 255 |
+ |
|
| 256 | 256 |
c_state_out_len = 3; |
| 257 | 257 |
BZ_GET_FAST_C(k1); c_nblock_used++; |
| 258 | 258 |
if (c_nblock_used == s_save_nblockPP) continue; |
| 259 | 259 |
if (k1 != c_k0) { c_k0 = k1; continue; };
|
| 260 |
- |
|
| 260 |
+ |
|
| 261 | 261 |
BZ_GET_FAST_C(k1); c_nblock_used++; |
| 262 | 262 |
c_state_out_len = ((Int32)k1) + 4; |
| 263 | 263 |
BZ_GET_FAST_C(c_k0); c_nblock_used++; |
| ... | ... |
@@ -309,33 +309,33 @@ Bool unRLE_obuf_to_output_SMALL ( DState* s ) |
| 309 | 309 |
/* s->strm->total_out_lo32++; */ |
| 310 | 310 |
/* if (s->strm->total_out_lo32 == 0) s->strm->total_out_hi32++; */ |
| 311 | 311 |
/* } */ |
| 312 |
- |
|
| 312 |
+ |
|
| 313 | 313 |
/* /\* can a new run be started? *\/ */ |
| 314 | 314 |
/* if (s->nblock_used == s->save_nblock+1) return False; */ |
| 315 | 315 |
|
| 316 | 316 |
/* /\* Only caused by corrupt data stream? *\/ */ |
| 317 | 317 |
/* if (s->nblock_used > s->save_nblock+1) */ |
| 318 | 318 |
/* return True; */ |
| 319 |
- |
|
| 319 |
+ |
|
| 320 | 320 |
/* s->state_out_len = 1; */ |
| 321 | 321 |
/* s->state_out_ch = s->k0; */ |
| 322 | 322 |
/* BZ_GET_SMALL(k1); BZ_RAND_UPD_MASK; */ |
| 323 | 323 |
/* k1 ^= BZ_RAND_MASK; s->nblock_used++; */ |
| 324 | 324 |
/* if (s->nblock_used == s->save_nblock+1) continue; */ |
| 325 | 325 |
/* if (k1 != s->k0) { s->k0 = k1; continue; }; */
|
| 326 |
- |
|
| 326 |
+ |
|
| 327 | 327 |
/* s->state_out_len = 2; */ |
| 328 | 328 |
/* BZ_GET_SMALL(k1); BZ_RAND_UPD_MASK; */ |
| 329 | 329 |
/* k1 ^= BZ_RAND_MASK; s->nblock_used++; */ |
| 330 | 330 |
/* if (s->nblock_used == s->save_nblock+1) continue; */ |
| 331 | 331 |
/* if (k1 != s->k0) { s->k0 = k1; continue; }; */
|
| 332 |
- |
|
| 332 |
+ |
|
| 333 | 333 |
/* s->state_out_len = 3; */ |
| 334 | 334 |
/* BZ_GET_SMALL(k1); BZ_RAND_UPD_MASK; */ |
| 335 | 335 |
/* k1 ^= BZ_RAND_MASK; s->nblock_used++; */ |
| 336 | 336 |
/* if (s->nblock_used == s->save_nblock+1) continue; */ |
| 337 | 337 |
/* if (k1 != s->k0) { s->k0 = k1; continue; }; */
|
| 338 |
- |
|
| 338 |
+ |
|
| 339 | 339 |
/* BZ_GET_SMALL(k1); BZ_RAND_UPD_MASK; */ |
| 340 | 340 |
/* k1 ^= BZ_RAND_MASK; s->nblock_used++; */ |
| 341 | 341 |
/* s->state_out_len = ((Int32)k1) + 4; */ |
| ... | ... |
@@ -358,30 +358,30 @@ Bool unRLE_obuf_to_output_SMALL ( DState* s ) |
| 358 | 358 |
s->strm->total_out_lo32++; |
| 359 | 359 |
if (s->strm->total_out_lo32 == 0) s->strm->total_out_hi32++; |
| 360 | 360 |
} |
| 361 |
- |
|
| 361 |
+ |
|
| 362 | 362 |
/* can a new run be started? */ |
| 363 | 363 |
if (s->nblock_used == s->save_nblock+1) return False; |
| 364 | 364 |
|
| 365 | 365 |
/* Only caused by corrupt data stream? */ |
| 366 | 366 |
if (s->nblock_used > s->save_nblock+1) |
| 367 | 367 |
return True; |
| 368 |
- |
|
| 368 |
+ |
|
| 369 | 369 |
s->state_out_len = 1; |
| 370 | 370 |
s->state_out_ch = s->k0; |
| 371 | 371 |
BZ_GET_SMALL(k1); s->nblock_used++; |
| 372 | 372 |
if (s->nblock_used == s->save_nblock+1) continue; |
| 373 | 373 |
if (k1 != s->k0) { s->k0 = k1; continue; };
|
| 374 |
- |
|
| 374 |
+ |
|
| 375 | 375 |
s->state_out_len = 2; |
| 376 | 376 |
BZ_GET_SMALL(k1); s->nblock_used++; |
| 377 | 377 |
if (s->nblock_used == s->save_nblock+1) continue; |
| 378 | 378 |
if (k1 != s->k0) { s->k0 = k1; continue; };
|
| 379 |
- |
|
| 379 |
+ |
|
| 380 | 380 |
s->state_out_len = 3; |
| 381 | 381 |
BZ_GET_SMALL(k1); s->nblock_used++; |
| 382 | 382 |
if (s->nblock_used == s->save_nblock+1) continue; |
| 383 | 383 |
if (k1 != s->k0) { s->k0 = k1; continue; };
|
| 384 |
- |
|
| 384 |
+ |
|
| 385 | 385 |
BZ_GET_SMALL(k1); s->nblock_used++; |
| 386 | 386 |
s->state_out_len = ((Int32)k1) + 4; |
| 387 | 387 |
BZ_GET_SMALL(s->k0); s->nblock_used++; |
| ... | ... |
@@ -448,7 +448,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 448 | 448 |
Int32 N; |
| 449 | 449 |
Int32 curr; |
| 450 | 450 |
Int32 zt; |
| 451 |
- Int32 zn; |
|
| 451 |
+ Int32 zn; |
|
| 452 | 452 |
Int32 zvec; |
| 453 | 453 |
Int32 zj; |
| 454 | 454 |
Int32 gSel; |
| ... | ... |
@@ -502,7 +502,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 502 | 502 |
N = s->save_N; |
| 503 | 503 |
curr = s->save_curr; |
| 504 | 504 |
zt = s->save_zt; |
| 505 |
- zn = s->save_zn; |
|
| 505 |
+ zn = s->save_zn; |
|
| 506 | 506 |
zvec = s->save_zvec; |
| 507 | 507 |
zj = s->save_zj; |
| 508 | 508 |
gSel = s->save_gSel; |
| ... | ... |
@@ -526,7 +526,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 526 | 526 |
if (uc != BZ_HDR_h) RETURN(BZ_DATA_ERROR_MAGIC); |
| 527 | 527 |
|
| 528 | 528 |
GET_BITS(BZ_X_MAGIC_4, s->blockSize100k, 8) |
| 529 |
- if (s->blockSize100k < (BZ_HDR_0 + 1) || |
|
| 529 |
+ if (s->blockSize100k < (BZ_HDR_0 + 1) || |
|
| 530 | 530 |
s->blockSize100k > (BZ_HDR_0 + 9)) RETURN(BZ_DATA_ERROR_MAGIC); |
| 531 | 531 |
s->blockSize100k -= BZ_HDR_0; |
| 532 | 532 |
*/ |
| ... | ... |
@@ -537,8 +537,8 @@ static Int32 BZ2_decompress ( DState* s ) |
| 537 | 537 |
|
| 538 | 538 |
if (s->smallDecompress) {
|
| 539 | 539 |
s->ll16 = BZALLOC( s->blockSize100k * 100000 * sizeof(UInt16) ); |
| 540 |
- s->ll4 = BZALLOC( |
|
| 541 |
- ((1 + s->blockSize100k * 100000) >> 1) * sizeof(UChar) |
|
| 540 |
+ s->ll4 = BZALLOC( |
|
| 541 |
+ ((1 + s->blockSize100k * 100000) >> 1) * sizeof(UChar) |
|
| 542 | 542 |
); |
| 543 | 543 |
if (s->ll16 == NULL || s->ll4 == NULL) RETURN(BZ_MEM_ERROR); |
| 544 | 544 |
} else {
|
| ... | ... |
@@ -566,7 +566,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 566 | 566 |
s->currBlockNo++; |
| 567 | 567 |
if (s->verbosity >= 2) |
| 568 | 568 |
VPrintf1 ( "\n [%d: huff+mtf ", s->currBlockNo ); |
| 569 |
- |
|
| 569 |
+ |
|
| 570 | 570 |
s->storedBlockCRC = 0; |
| 571 | 571 |
GET_UCHAR(BZ_X_BCRC_1, uc); |
| 572 | 572 |
s->storedBlockCRC = (s->storedBlockCRC << 8) | ((UInt32)uc); |
| ... | ... |
@@ -591,14 +591,14 @@ static Int32 BZ2_decompress ( DState* s ) |
| 591 | 591 |
|
| 592 | 592 |
if (s->origPtr < 0) |
| 593 | 593 |
RETURN(BZ_DATA_ERROR); |
| 594 |
- if (s->origPtr > 10 + 100000*s->blockSize100k) |
|
| 594 |
+ if (s->origPtr > 10 + 100000*s->blockSize100k) |
|
| 595 | 595 |
RETURN(BZ_DATA_ERROR); |
| 596 | 596 |
|
| 597 | 597 |
/*--- Receive the mapping table ---*/ |
| 598 | 598 |
for (i = 0; i < 16; i++) {
|
| 599 | 599 |
GET_BIT(BZ_X_MAPPING_1, uc); |
| 600 |
- if (uc == 1) |
|
| 601 |
- s->inUse16[i] = True; else |
|
| 600 |
+ if (uc == 1) |
|
| 601 |
+ s->inUse16[i] = True; else |
|
| 602 | 602 |
s->inUse16[i] = False; |
| 603 | 603 |
} |
| 604 | 604 |
|
| ... | ... |
@@ -618,7 +618,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 618 | 618 |
GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); |
| 619 | 619 |
if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); |
| 620 | 620 |
GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); |
| 621 |
- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); |
|
| 621 |
+ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); |
|
| 622 | 622 |
for (i = 0; i < nSelectors; i++) {
|
| 623 | 623 |
j = 0; |
| 624 | 624 |
while (True) {
|
| ... | ... |
@@ -634,7 +634,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 634 | 634 |
{
|
| 635 | 635 |
UChar pos[BZ_N_GROUPS], tmp, v; |
| 636 | 636 |
for (v = 0; v < nGroups; v++) pos[v] = v; |
| 637 |
- |
|
| 637 |
+ |
|
| 638 | 638 |
for (i = 0; i < nSelectors; i++) {
|
| 639 | 639 |
v = s->selectorMtf[i]; |
| 640 | 640 |
tmp = pos[v]; |
| ... | ... |
@@ -667,10 +667,10 @@ static Int32 BZ2_decompress ( DState* s ) |
| 667 | 667 |
if (s->len[t][i] > maxLen) maxLen = s->len[t][i]; |
| 668 | 668 |
if (s->len[t][i] < minLen) minLen = s->len[t][i]; |
| 669 | 669 |
} |
| 670 |
- CreateDecodeTables ( |
|
| 671 |
- &(s->limit[t][0]), |
|
| 672 |
- &(s->base[t][0]), |
|
| 673 |
- &(s->perm[t][0]), |
|
| 670 |
+ CreateDecodeTables ( |
|
| 671 |
+ &(s->limit[t][0]), |
|
| 672 |
+ &(s->base[t][0]), |
|
| 673 |
+ &(s->perm[t][0]), |
|
| 674 | 674 |
&(s->len[t][0]), |
| 675 | 675 |
minLen, maxLen, alphaSize |
| 676 | 676 |
); |
| ... | ... |
@@ -769,23 +769,23 @@ static Int32 BZ2_decompress ( DState* s ) |
| 769 | 769 |
s->mtfa[(z)-3] = s->mtfa[(z)-4]; |
| 770 | 770 |
nn -= 4; |
| 771 | 771 |
} |
| 772 |
- while (nn > 0) {
|
|
| 773 |
- s->mtfa[(pp+nn)] = s->mtfa[(pp+nn)-1]; nn--; |
|
| 772 |
+ while (nn > 0) {
|
|
| 773 |
+ s->mtfa[(pp+nn)] = s->mtfa[(pp+nn)-1]; nn--; |
|
| 774 | 774 |
}; |
| 775 | 775 |
s->mtfa[pp] = uc; |
| 776 |
- } else {
|
|
| 776 |
+ } else {
|
|
| 777 | 777 |
/* general case */ |
| 778 | 778 |
lno = nn / MTFL_SIZE; |
| 779 | 779 |
off = nn % MTFL_SIZE; |
| 780 | 780 |
pp = s->mtfbase[lno] + off; |
| 781 | 781 |
uc = s->mtfa[pp]; |
| 782 |
- while (pp > s->mtfbase[lno]) {
|
|
| 783 |
- s->mtfa[pp] = s->mtfa[pp-1]; pp--; |
|
| 782 |
+ while (pp > s->mtfbase[lno]) {
|
|
| 783 |
+ s->mtfa[pp] = s->mtfa[pp-1]; pp--; |
|
| 784 | 784 |
}; |
| 785 | 785 |
s->mtfbase[lno]++; |
| 786 | 786 |
while (lno > 0) {
|
| 787 | 787 |
s->mtfbase[lno]--; |
| 788 |
- s->mtfa[s->mtfbase[lno]] |
|
| 788 |
+ s->mtfa[s->mtfbase[lno]] |
|
| 789 | 789 |
= s->mtfa[s->mtfbase[lno-1] + MTFL_SIZE - 1]; |
| 790 | 790 |
lno--; |
| 791 | 791 |
} |
| ... | ... |
@@ -880,7 +880,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 880 | 880 |
if (s->blockRandomised) {
|
| 881 | 881 |
BZ_RAND_INIT_MASK; |
| 882 | 882 |
BZ_GET_SMALL(s->k0); s->nblock_used++; |
| 883 |
- BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK; |
|
| 883 |
+ BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK; |
|
| 884 | 884 |
} else */{
|
| 885 | 885 |
BZ_GET_SMALL(s->k0); s->nblock_used++; |
| 886 | 886 |
} |
| ... | ... |
@@ -900,7 +900,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 900 | 900 |
if (s->blockRandomised) {
|
| 901 | 901 |
BZ_RAND_INIT_MASK; |
| 902 | 902 |
BZ_GET_FAST(s->k0); s->nblock_used++; |
| 903 |
- BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK; |
|
| 903 |
+ BZ_RAND_UPD_MASK; s->k0 ^= BZ_RAND_MASK; |
|
| 904 | 904 |
} else */{
|
| 905 | 905 |
BZ_GET_FAST(s->k0); s->nblock_used++; |
| 906 | 906 |
} |
| ... | ... |
@@ -971,7 +971,7 @@ static Int32 BZ2_decompress ( DState* s ) |
| 971 | 971 |
s->save_gBase = gBase; |
| 972 | 972 |
s->save_gPerm = gPerm; |
| 973 | 973 |
|
| 974 |
- return retVal; |
|
| 974 |
+ return retVal; |
|
| 975 | 975 |
} |
| 976 | 976 |
|
| 977 | 977 |
|
| ... | ... |
@@ -1003,8 +1003,8 @@ void default_bzfree ( void* opaque, void* addr ) |
| 1003 | 1003 |
} |
| 1004 | 1004 |
|
| 1005 | 1005 |
/*---------------------------------------------------*/ |
| 1006 |
-int BZ_API(nsis_BZ2_bzDecompressInit) |
|
| 1007 |
- ( nsis_bzstream* strm, |
|
| 1006 |
+int BZ_API(nsis_BZ2_bzDecompressInit) |
|
| 1007 |
+ ( nsis_bzstream* strm, |
|
| 1008 | 1008 |
int verbosity, |
| 1009 | 1009 |
int small ) |
| 1010 | 1010 |
{
|
| ... | ... |
@@ -1081,7 +1081,7 @@ int BZ_API(nsis_BZ2_bzDecompress) ( nsis_bzstream *strm ) |
| 1081 | 1081 |
if (r == BZ_STREAM_END) {
|
| 1082 | 1082 |
/* aCaB |
| 1083 | 1083 |
if (s->verbosity >= 3) |
| 1084 |
- VPrintf2 ( "\n combined CRCs: stored = 0x%08x, computed = 0x%08x", |
|
| 1084 |
+ VPrintf2 ( "\n combined CRCs: stored = 0x%08x, computed = 0x%08x", |
|
| 1085 | 1085 |
s->storedCombinedCRC, s->calculatedCombinedCRC ); |
| 1086 | 1086 |
if (s->calculatedCombinedCRC != s->storedCombinedCRC) |
| 1087 | 1087 |
return BZ_DATA_ERROR; |