Browse code
B11955: a few minor changes stolen from the latest 7z to close a double-free vulnerability
Micah Snyder authored on 2017/11/16 05:02:51Showing 1 changed files
| ... | ... |
@@ -331,7 +331,7 @@ void MixCoder_Construct(CMixCoder *p, ISzAlloc *alloc) |
| 331 | 331 |
{
|
| 332 | 332 |
int i; |
| 333 | 333 |
p->alloc = alloc; |
| 334 |
- p->buf = 0; |
|
| 334 |
+ p->buf = NULL; |
|
| 335 | 335 |
p->numCoders = 0; |
| 336 | 336 |
for (i = 0; i < MIXCODER_NUM_FILTERS_MAX; i++) |
| 337 | 337 |
p->coders[i].p = NULL; |
| ... | ... |
@@ -348,7 +348,10 @@ void MixCoder_Free(CMixCoder *p) |
| 348 | 348 |
} |
| 349 | 349 |
p->numCoders = 0; |
| 350 | 350 |
if (p->buf) |
| 351 |
+ {
|
|
| 351 | 352 |
p->alloc->Free(p->alloc, p->buf); |
| 353 |
+ p->buf = NULL; /* 9.31: the BUG was fixed */ |
|
| 354 |
+ } |
|
| 352 | 355 |
} |
| 353 | 356 |
|
| 354 | 357 |
void MixCoder_Init(CMixCoder *p) |
| ... | ... |
@@ -604,6 +607,8 @@ SRes XzUnpacker_Create(CXzUnpacker *p, ISzAlloc *alloc) |
| 604 | 604 |
p->state = XZ_STATE_STREAM_HEADER; |
| 605 | 605 |
p->pos = 0; |
| 606 | 606 |
p->numStreams = 0; |
| 607 |
+ p->numBlocks = 0; |
|
| 608 |
+ p->padSize = 0; |
|
| 607 | 609 |
return SZ_OK; |
| 608 | 610 |
} |
| 609 | 611 |
|