On Wed, 2015-01-28 at 15:24 +, Jan Beulich wrote:
> "origPtr" is used as an offset into the bd->dbuf[] array. That array is
> allocated in start_bunzip() and has "bd->dbufSize" number of elements so
> the test here should be >= instead of >.
>
> Later we check "origPtr" again before using it
"origPtr" is used as an offset into the bd->dbuf[] array. That array is
allocated in start_bunzip() and has "bd->dbufSize" number of elements so
the test here should be >= instead of >.
Later we check "origPtr" again before using it as an offset so I don't
know if this bug can be triggered in rea
