From 2c8d04d0228871c24017509cf039e7c5d97d97be Mon Sep 17 00:00:00 2001
From: Xin LI
Date: Mon, 25 Jul 2016 14:45:48 +0000
Subject: [PATCH] Fix bspatch heap overflow vulnerability.

Obtained from: Chromium
Reported by: Lu Tung-Pin
Security: FreeBSD-SA-16:25.bspatch
---
 usr.bin/bsdiff/bspatch/bspatch.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/usr.bin/bsdiff/bspatch/bspatch.c b/usr.bin/bsdiff/bspatch/bspatch.c
index eb99e5ba16a0..5d6141259f72 100644
--- a/usr.bin/bsdiff/bspatch/bspatch.c
+++ b/usr.bin/bsdiff/bspatch/bspatch.c
@@ -163,6 +163,10 @@ int main(int argc,char * argv[])
 ctrl[i]=offtin(buf);
 }

+ /* Sanity-check */
+ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
+
 /* Sanity-check */
 if(newpos+ctrl[0]>newsize)
 errx(1,"Corrupt patch\n");
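Review bot: The added guard rejects negative ctrl[0] and ctrl[1], but the context check right after it, `if(newpos+ctrl[0]>newsize)`, still adds two signed values, so a very large positive ctrl[0] read from a corrupt patch could overflow the sum (undefined behaviour if these are signed off_t, which the hunk does not show) and slip past the bound. Comparing against the remaining space avoids the addition: `if (ctrl[0] > newsize - newpos) errx(1,"Corrupt patch\n");`, assuming newpos never exceeds newsize at this point in the loop. The same form would suit any later bound check on ctrl[1], which lies outside this hunk, as does the rest of main. The new comment could also say what is being checked, e.g. `/* Lengths read from the control block must be non-negative */`, instead of repeating "Sanity-check".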