wok rev 666

linux & busybox: memory leak in unlzma
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Apr 23 08:46:02 2008 +0000 (2008-04-23)
parents fb8167e6c7f5
children edd31fe73ba8
files busybox/receipt busybox/stuff/busybox-1.10.1-unlzma.u linux/stuff/linux-lzma-2.6.24.2.u
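--- a/busybox/receipt	Wed Apr 23 01:14:59 2008 +0200
+++ b/busybox/receipt	Wed Apr 23 08:46:02 2008 +0000
@@ -21,6 +21,7 @@
     patch -p1 < ../stuff/$PACKAGE-$VERSION-dhcpc.u
     patch -p1 < ../stuff/$PACKAGE-$VERSION-cpio-mkdir.u
     patch -p1 < ../stuff/$PACKAGE-$VERSION-cpio-mtime.u
+    patch -p1 < ../stuff/$PACKAGE-$VERSION-unlzma.u
     cp ../stuff/$PACKAGE-$VERSION.config .config
     make oldconfig
     make && make install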
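Review bot: The added `patch -p1 < ../stuff/$PACKAGE-$VERSION-unlzma.u` line has no visible check of patch's exit status, so if the patch ever stops applying (for example after a busybox version bump) the build would appear to carry on and package the unpatched decompressor. Unless the receipt runner already aborts on a failing command, which this hunk does not show, consider `patch -p1 < ../stuff/$PACKAGE-$VERSION-unlzma.u || return 1`, assuming these lines sit inside a shell function (the enclosing block starts outside the hunk). The neighbouring patch lines are unchanged context here but have the same shape.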
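--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/busybox/stuff/busybox-1.10.1-unlzma.u	Wed Apr 23 08:46:02 2008 +0000
@@ -0,0 +1,23 @@
+--- busybox-1.10.1/archival/libunarchive/decompress_unlzma.c
++++ busybox-1.10.1/archival/libunarchive/decompress_unlzma.c
+@@ -491,10 +491,16 @@
+ 
+ 	if (full_write(dst_fd, buffer, buffer_pos) != buffer_pos) {
+  bad:
++		len = -1;
++	}
++	else {
++		USE_DESKTOP(total_written += buffer_pos;)
++		len = USE_DESKTOP(total_written) + 0;
++	}
++	if (ENABLE_FEATURE_CLEAN_UP) {
+ 		rc_free(rc);
+-		return -1;
++		free(buffer);
++		free(p);
+ 	}
+-	rc_free(rc);
+-	USE_DESKTOP(total_written += buffer_pos;)
+-	return USE_DESKTOP(total_written) + 0;
++	return len;
+ }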
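Review bot: The new cleanup block releases `rc`, `buffer` and `p` only under `if (ENABLE_FEATURE_CLEAN_UP)`, whereas the removed lines called `rc_free(rc)` unconditionally on both the error and the success path; in a build with that option off, the leak this patch targets remains and `rc` now leaks as well. If this function can run more than once per process, or on archives from an untrusted source, repeated calls become a memory-exhaustion path, so I would drop the condition and always run `rc_free(rc); free(buffer); free(p);` before `return len;`. Separately, `len = USE_DESKTOP(total_written) + 0;` routes the byte count through `len`, whose declaration is outside the hunk; if `len` is narrower than `total_written`, large outputs would be truncated and could come back negative, which callers may read as failure, so a dedicated result variable of the function's return type would be safer. The function starts outside the hunk, so both points should be checked against its declarations.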
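--- a/linux/stuff/linux-lzma-2.6.24.2.u	Wed Apr 23 01:14:59 2008 +0200
+++ b/linux/stuff/linux-lzma-2.6.24.2.u	Wed Apr 23 08:46:02 2008 +0000
@@ -1624,7 +1624,7 @@
 
 --- linux-2.6.24.2/lib/decompress_unlzma.c
 +++ linux-2.6.24.2/lib/decompress_unlzma.c
-@@ -0,0 +1,605 @@
+@@ -0,0 +1,601 @@
 +/* Lzma decompressor for Linux kernel. Shamelessly snarfed
 + * from busybox 1.1.1
 + *
@@ -2050,20 +2050,20 @@
 +				prob_lit = prob + mi;
 +				rc_get_bit(&rc, prob_lit, &mi);
 +			}
++			if (state < 4)
++				state = 0;
++			else if (state < 10)
++				state -= 3;
++			else
++				state -= 6;
 +			previous_byte = (uint8_t) mi;
-+
++		one_byte:
 +			buffer[buffer_pos++] = previous_byte;
 +			if (buffer_pos == header.dict_size) {
 +				buffer_pos = 0;
 +				global_pos += header.dict_size;
 +				writebb((char*)buffer, header.dict_size);
 +			}
-+			if (state < 4)
-+				state = 0;
-+			else if (state < 10)
-+				state -= 3;
-+			else
-+				state -= 6;
 +		} else {
 +			int offset;
 +			uint16_t *prob_len;
@@ -2095,13 +2095,7 @@
 +							goto fail;
 +						}
 +						previous_byte = buffer[pos];
-+						buffer[buffer_pos++] = previous_byte;
-+						if (buffer_pos == header.dict_size) {
-+							buffer_pos = 0;
-+							global_pos += header.dict_size;
-+							writebb((char*)buffer, header.dict_size);
-+						}
-+						continue;
++						goto one_byte;
 +					} else {
 +						rc_update_bit_1(&rc, prob);
 +					}
@@ -2225,9 +2219,11 @@
 +		*posp = rc.ptr-rc.buffer;
 +	}
 +	large_free(buffer);
++	large_free(p);
 +	return 0;
 + fail:
 +	large_free(buffer);
++	large_free(p);
 +	return -1;
 +}
 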
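Review bot: The added `large_free(p);` after the `fail:` label is only safe if every `goto fail` in the function is reached after `p` has been assigned; the allocation and the earlier error paths are outside these hunks, so this needs confirming. If any failure can occur before the probability table is allocated, initialising `p` (and `buffer`) to NULL at declaration and making sure `large_free` accepts NULL would keep the error path from freeing an indeterminate pointer while decoding a malformed stream. The two exits now duplicate the same pair of frees; a single exit with a result variable, as the busybox patch in this commit does with `len`, would keep them from drifting apart. The new `goto one_byte` jumps from the match branch into the literal branch's block, which is legal C but deserves a short comment at the label, for example `/* shared tail: emit previous_byte and flush the dictionary when full */`.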