From 9141f1df0d6ecb84f298633ba03569bbf5c842d0 Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@debian.org>
Date: Wed, 17 Jan 2018 10:52:47 +0100
Subject: [PATCH 26/29] Fix left shift of a negative value in readSBits.

Check for !number before left-shifting by (number-1). This commit fixes CVE-2018-5294 (fixes #97).
---
 util/read.c | 2 +-
 1 file changed, 1 insertions(+), 1 deletion(-)

diff --git a/util/read.c b/util/read.c
index 32f4c673..bce95ef1 100644
--- a/util/read.c
+++ b/util/read.c
@@ -107,7 +107,7 @@ int readSBits(FILE *f, int number)
 {
 int num = readBits(f, number);

- if(num & (1<<(number-1)))
+ if(number && num & (1<<(number-1)))
 return num - (1<<number);
 else
 return num;
--
2.14.3
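Review bot: The added `number &&` guard in readSBits only covers number == 0; the signed shifts `1<<(number-1)` and `1<<number` on the return line are still undefined for a 32-bit int once number reaches 31 or 32, and for a negative number. Whether callers can pass such a width is not visible in this hunk, but if number is derived from file data it should be bounded here and the arithmetic done unsigned, e.g. `if(number > 0 && number < 32 && (num & (1u<<(number-1))))` followed by `return (int)((unsigned)num - (1u<<number));`. The explicit parentheses around the `&` test also make its precedence against `&&` obvious to the reader. The body of readSBits ends outside the hunk.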