squashfs-tools/SOURCES/cve-2015-4645.patch
2021-09-10 04:52:12 +00:00

30 lines
1.1 KiB
Diff

diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c
index ecdaac796f09..2c0cf63daf67 100644
--- a/squashfs-tools/unsquash-4.c
+++ b/squashfs-tools/unsquash-4.c
@@ -31,9 +31,9 @@ static unsigned int *id_table;
int read_fragment_table_4(long long *directory_table_end)
{
int res, i;
- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
- long long fragment_table_index[indexes];
+ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments);
+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments);
+ long long *fragment_table_index;
TRACE("read_fragment_table: %d fragments, reading %d fragment indexes "
"from 0x%llx\n", sBlk.s.fragments, indexes,
@@ -44,6 +44,11 @@ int read_fragment_table_4(long long *directory_table_end)
return TRUE;
}
+ fragment_table_index = malloc(indexes*sizeof(long long));
+ if(fragment_table_index == NULL)
+ EXIT_UNSQUASH("read_fragment_table: failed to allocate "
+ "fragment table index\n");
+
fragment_table = malloc(bytes);
if(fragment_table == NULL)
EXIT_UNSQUASH("read_fragment_table: failed to allocate "