summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Adler <fork@madler.net>2022-08-08 10:50:09 -0700
committerMark Adler <fork@madler.net>2022-08-08 10:55:40 -0700
commit1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d (patch)
tree0cae0ba8c95ca16ecc218abd39aa119bc40690c8
parent22aec0cb0bb53c126f9feb0471f616203e55d37d (diff)
downloadzlib-1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.tar.gz
zlib-1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.tar.bz2
zlib-1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.zip
Fix extra field processing bug that dereferences NULL state->head.
The recent commit to fix a gzip header extra field processing bug introduced the new bug fixed here.
Diffstat
-rw-r--r--inflate.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/inflate.c b/inflate.c
index 7a72897..2a3c4fe 100644
--- a/inflate.c
+++ b/inflate.c
@@ -763,10 +763,10 @@ int flush;
763 copy = state->length; 763 copy = state->length;
764 if (copy > have) copy = have; 764 if (copy > have) copy = have;
765 if (copy) { 765 if (copy) {
766 len = state->head->extra_len - state->length;
767 if (state->head != Z_NULL && 766 if (state->head != Z_NULL &&
768 state->head->extra != Z_NULL && 767 state->head->extra != Z_NULL &&
769 len < state->head->extra_max) { 768 (len = state->head->extra_len - state->length) <
769 state->head->extra_max) {
770 zmemcpy(state->head->extra + len, next, 770 zmemcpy(state->head->extra + len, next,
771 len + copy > state->head->extra_max ? 771 len + copy > state->head->extra_max ?
772 state->head->extra_max - len : copy); 772 state->head->extra_max - len : copy);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-15 21:25:25 +0000