shithub: choc

Download patch

ref: 8237514e5f550a161f8ba243bd1515a4415a1c3a
parent: 1263787fc7e6578c31adc4651f786940e6a0aeeb
author: Patricia Aas <psmaas@gmail.com>
date: Tue Mar 22 16:59:53 EDT 2022

Fix unlink vulnerability in z_native.c (#1454)

* Fix for issue #1453

Check that the pointers are stil pointing at the block before the unlink is performed

* Set the right indentation

--- a/src/z_native.c
+++ b/src/z_native.c
@@ -112,11 +112,19 @@
     }
     else
     {
+        if (block->prev->next != block)
+        {
+            I_Error("Z_RemoveBlock: Doubly-linked list corrupted!");
+        }
         block->prev->next = block->next;
     }
 
     if (block->next != NULL)
     {
+        if (block->next->prev != block)
+        {
+            I_Error("Z_RemoveBlock: Doubly-linked list corrupted!");
+        }
         block->next->prev = block->prev;
     }
 }