+gzip (1.3.5-15) unstable; urgency=high
+
+ * security update, covering the following alerts:
+ CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 19 Sep 2006 06:35:26 -0600
+
gzip (1.3.5-14) unstable; urgency=medium
* update section to match override
{
*t = (struct huft *)NULL;
*m = 0;
- return 0;
+ return 2;
}
#define NT (CODE_BIT + 3)
#define PBIT 4 /* smallest integer such that (1U << PBIT) > NP */
#define TBIT 5 /* smallest integer such that (1U << TBIT) > NT */
-#if NT > NP
-# define NPT NT
-#else
-# define NPT NP
-#endif
+#define NPT (1<<TBIT)
/* local ush left[2 * NC - 1]; */
/* local ush right[2 * NC - 1]; */
if ((len = bitlen[ch]) == 0) continue;
nextcode = start[len] + weight[len];
if (len <= (unsigned)tablebits) {
+ if (nextcode > 1 << tablebits)
+ error("Bad table\n");
for (i = start[len]; i < nextcode; i++) table[i] = ch;
} else {
k = start[len];
if (c == 7) {
mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
while (mask & bitbuf) { mask >>= 1; c++; }
+ if (c > 16)
+ error("Bad table\n");
}
fillbuf((c < 7) ? 3 : c - 3);
pt_len[i++] = c;
int len; /* bit length */
int base; /* base offset for a sequence of leaves */
int n;
+ int max_leaves;
/* Read the original input size, MSB first */
orig_len = 0;
/* Get the number of leaves at each bit length */
n = 0;
+ max_leaves = 1;
for (len = 1; len <= max_len; len++) {
leaves[len] = (int)get_byte();
+ if (leaves[len] > max_leaves - (len == max_len))
+ error("too many leaves in Huffman tree");
+ max_leaves = (max_leaves - leaves[len] + 1) * 2 - 1;
n += leaves[len];
}
- if (n > LITERALS) {
+ if (n >= LITERALS) {
error("too many leaves in Huffman tree");
}
Trace((stderr, "orig_len %lu, max_len %d, leaves %d\n",