"Multiple issues found in mpatch.c with a fuzzer:
- OVE-20180430-0001
- OVE-20180430-0002
- OVE-20180430-0004
With the following fixes:
- mpatch: be more careful about parsing binary patch data (SEC)
- mpatch: protect against underflow in mpatch_apply (SEC)
- mpatch: ensure fragment start isn't past the end of orig (SEC)
- mpatch: fix UB in int overflows in gather() (SEC)
- mpatch: fix UB integer overflows in discard() (SEC)
- mpatch: avoid integer overflow in mpatch_decode (SEC)
- mpatch: avoid integer overflow in combine() (SEC)
No exploits are known at the time."
61959b1e02