From c33612fb4ee893d4591e5949d02e25ae3b997834 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer
Date: Mon, 27 Dec 2021 10:50:32 +0300
Subject: [PATCH] tinfl_decompress: avoid NULL ptr arithmetic UB:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: https://github.com/richgel999/miniz/issues/216
Also see: https://github.com/mitkus/miniz/commit/6b8c30e4a95dd649adf14cf4bcad90701e323b9a

Petr Písař: Ported to 2.2.0.

Signed-off-by: Petr Písař
---
 miniz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/miniz.c b/miniz.c
index 95e4186..845a107 100644
--- a/miniz.c
+++ b/miniz.c
@@ -2401,7 +2401,7 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
 mz_uint32 num_bits, dist, counter, num_extra;
 tinfl_bit_buf_t bit_buf;
 const mz_uint8 *pIn_buf_cur = pIn_buf_next, *const pIn_buf_end = pIn_buf_next + *pIn_buf_size;
- mz_uint8 *pOut_buf_cur = pOut_buf_next, *const pOut_buf_end = pOut_buf_next + *pOut_buf_size;
+ mz_uint8 *pOut_buf_cur = pOut_buf_next, *const pOut_buf_end = pOut_buf_next ? pOut_buf_next + *pOut_buf_size : NULL;
 size_t out_buf_size_mask = (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF) ? (size_t)-1 : ((pOut_buf_next - pOut_buf_start) + *pOut_buf_size) - 1, dist_from_out_buf_start;
 
 /* Ensure the output buffer's size is a power of 2, unless the output buffer is large enough to hold the entire output file (in which case it doesn't matter). */
-- 
2.34.1
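Review bot: The input-side end pointer on the context line just above the change, `pIn_buf_end = pIn_buf_next + *pIn_buf_size`, still does the same pointer arithmetic that this patch guards for the output buffer, so a caller passing a NULL input pointer with a zero size would hit the same undefined behaviour. If that call pattern is allowed (the callers are not visible here), guard it the same way: `*const pIn_buf_end = pIn_buf_next ? pIn_buf_next + *pIn_buf_size : NULL;`. The following line also evaluates `pOut_buf_next - pOut_buf_start` when the non-wrapping flag is clear, which C likewise leaves undefined for null pointers, so it may deserve a NULL check or a comment stating that both pointers are non-NULL on that path. A short comment above the new ternary, such as `/* NULL + n is UB even when n == 0; keep the end pointer NULL for an absent output buffer */`, would keep the guard from being simplified away later. The body of tinfl_decompress starts before and continues past this hunk.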