Author: Jakub Martisko Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1319648 Description: CVE-2016-3189 bzip2: heap use after free in bzip2recover diff -up ./bzip2recover.c.old ./bzip2recover.c --- ./bzip2recover.c.old 2016-03-22 08:49:38.855620000 +0100 +++ ./bzip2recover.c 2016-03-30 10:22:27.341430099 +0200 @@ -458,6 +458,7 @@ Int32 main ( Int32 argc, Char** argv ) bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 ); bsPutUInt32 ( bsWr, blockCRC ); bsClose ( bsWr ); + outFile = NULL; } if (wrBlock >= rbCtr) break; wrBlock++;