You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37 lines
1.5 KiB
37 lines
1.5 KiB
From c33612fb4ee893d4591e5949d02e25ae3b997834 Mon Sep 17 00:00:00 2001
|
|
From: Ozkan Sezer <sezeroz@gmail.com>
|
|
Date: Mon, 27 Dec 2021 10:50:32 +0300
|
|
Subject: [PATCH] tinfl_decompress: avoid NULL ptr arithmetic UB:
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Fixes: https://github.com/richgel999/miniz/issues/216
|
|
|
|
Also see:
|
|
https://github.com/mitkus/miniz/commit/6b8c30e4a95dd649adf14cf4bcad90701e323b9a
|
|
|
|
Petr Písař: Ported to 2.2.0.
|
|
|
|
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
---
|
|
miniz.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/miniz.c b/miniz.c
|
|
index 95e4186..845a107 100644
|
|
--- a/miniz.c
|
|
+++ b/miniz.c
|
|
@@ -2401,7 +2401,7 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
|
|
mz_uint32 num_bits, dist, counter, num_extra;
|
|
tinfl_bit_buf_t bit_buf;
|
|
const mz_uint8 *pIn_buf_cur = pIn_buf_next, *const pIn_buf_end = pIn_buf_next + *pIn_buf_size;
|
|
- mz_uint8 *pOut_buf_cur = pOut_buf_next, *const pOut_buf_end = pOut_buf_next + *pOut_buf_size;
|
|
+ mz_uint8 *pOut_buf_cur = pOut_buf_next, *const pOut_buf_end = pOut_buf_next ? pOut_buf_next + *pOut_buf_size : NULL;
|
|
size_t out_buf_size_mask = (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF) ? (size_t)-1 : ((pOut_buf_next - pOut_buf_start) + *pOut_buf_size) - 1, dist_from_out_buf_start;
|
|
|
|
/* Ensure the output buffer's size is a power of 2, unless the output buffer is large enough to hold the entire output file (in which case it doesn't matter). */
|
|
--
|
|
2.34.1
|
|
|