Browse code
bb12059 - 100.1 - fixing potential buffer reads based on values from unintialized vars when unpacking rar files
Mickey Sola authored on 2018/05/25 06:05:29Showing 1 changed files
| ... | ... |
@@ -836,8 +836,6 @@ void rar_unpack_init_data(int solid, unpack_data_t *unpack_data) |
| 836 | 836 |
memset(unpack_data->old_dist, 0, sizeof(unpack_data->old_dist)); |
| 837 | 837 |
unpack_data->old_dist_ptr= 0; |
| 838 | 838 |
memset(unpack_data->unp_old_table, 0, sizeof(unpack_data->unp_old_table)); |
| 839 |
- memset(&unpack_data->LD, 0, sizeof(unpack_data->LD)); |
|
| 840 |
- memset(&unpack_data->DD, 0, sizeof(unpack_data->DD)); |
|
| 841 | 839 |
memset(&unpack_data->LDD, 0, sizeof(unpack_data->LDD)); |
| 842 | 840 |
memset(&unpack_data->RD, 0, sizeof(unpack_data->RD)); |
| 843 | 841 |
memset(&unpack_data->BD, 0, sizeof(unpack_data->BD)); |
| ... | ... |
@@ -849,6 +847,8 @@ void rar_unpack_init_data(int solid, unpack_data_t *unpack_data) |
| 849 | 849 |
unpack_data->unp_block_type = BLOCK_LZ; |
| 850 | 850 |
rar_init_filters(unpack_data); |
| 851 | 851 |
} |
| 852 |
+ memset(&unpack_data->LD, 0, sizeof(unpack_data->LD)); |
|
| 853 |
+ memset(&unpack_data->DD, 0, sizeof(unpack_data->DD)); |
|
| 852 | 854 |
unpack_data->in_bit = 0; |
| 853 | 855 |
unpack_data->in_addr = 0; |
| 854 | 856 |
unpack_data->read_top = 0; |