CVE-2014-9862.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

--- bspatch.c	2005-08-17 02:14:00.000000000 +0400
+++ bspatch.c.new	2023-06-06 22:03:24.563865659 +0300
@@ -150,10 +150,13 @@
 				errx(1, "Corrupt patch\n");
 			ctrl[i]=offtin(buf);
 		};
 
 		/* Sanity-check */
+		if ((ctrl[0] < 0) || (ctrl[1] < 0))
+			errx(1,"Corrupt patch\n");
+
 		if(newpos+ctrl[0]>newsize)
 			errx(1,"Corrupt patch\n");
 
 		/* Read diff string */
 		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);