Browse code
applying patch to correct invalid read in unrar add_vm_code.
Micah Snyder authored on 2018/02/18 22:51:15Showing 1 changed files
| ... | ... |
@@ -666,7 +666,11 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte, |
| 666 | 666 |
return FALSE; |
| 667 | 667 |
} |
| 668 | 668 |
for (i=0 ; i < (size_t) vm_codesize ; i++) {
|
| 669 |
- vm_code[i] = rarvm_getbits(&rarvm_input) >> 8; |
|
| 669 |
+ if ((rarvm_input.in_addr + 2) < rarvm_input.buf_size) {
|
|
| 670 |
+ vm_code[i] = rarvm_getbits(&rarvm_input) >> 8; |
|
| 671 |
+ } else {
|
|
| 672 |
+ vm_code[i] = 0; |
|
| 673 |
+ } |
|
| 670 | 674 |
rarvm_addbits(&rarvm_input, 8); |
| 671 | 675 |
} |
| 672 | 676 |
if(!rarvm_prepare(&unpack_data->rarvm_data, &rarvm_input, &vm_code[0], (int) vm_codesize, &filter->prg)) {
|