zutils/debian/patches/0003-zcat-buffer-overrun.patch

Author: Antonio Diaz-Diaz <antonio@gnu.org>
Description: zcat.cc: Fixed a buffer overrun on outbuf when '-v' is used [CVE-2018-1000637] (Closes: #902936).

diff -Naurp zutils.orig/zcat.cc zutils/zcat.cc
--- zutils.orig/zcat.cc
+++ zutils/zcat.cc
@@ -229,8 +229,9 @@ int cat( int infd, const int format_inde
   enum { buffer_size = 4096 };
   // buffer with space for sentinel newline at the end
   uint8_t * const inbuf = new uint8_t[buffer_size+1];
-  // buffer with space for character quoting and 255-digit line number
-  uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256];
+  // buffer with space for character quoting, 255-digit line number and
+  // worst case flushing respect to inbuf.
+  uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256];
   int retval = 0;
   Children children;
   if( !set_data_feeder( &infd, children, format_index ) ) retval = 1;
Adding patch from upstream to fix a buffer overrun in zcat [CVE-2018-1000637] (Closes: #902936). Signed-off-by: Daniel Baumann <daniel@debian.org> 2025-02-24 06:08:28 +01:00			`Author: Antonio Diaz-Diaz <antonio@gnu.org>`
			`Description: zcat.cc: Fixed a buffer overrun on outbuf when '-v' is used [CVE-2018-1000637] (Closes: #902936).`

			`diff -Naurp zutils.orig/zcat.cc zutils/zcat.cc`
			`--- zutils.orig/zcat.cc`
			`+++ zutils/zcat.cc`
			`@@ -229,8 +229,9 @@ int cat( int infd, const int format_inde`
			`enum { buffer_size = 4096 };`
			`// buffer with space for sentinel newline at the end`
			`uint8_t * const inbuf = new uint8_t[buffer_size+1];`
			`- // buffer with space for character quoting and 255-digit line number`
			`- uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256];`
			`+ // buffer with space for character quoting, 255-digit line number and`
			`+ // worst case flushing respect to inbuf.`
			`+ uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256];`
			`int retval = 0;`
			`Children children;`
			`if( !set_data_feeder( &infd, children, format_index ) ) retval = 1;`