authorMark Adler <madler@alumni.caltech.edu>2013-01-21 10:15:51 -0800
committerMark Adler <madler@alumni.caltech.edu>2013-01-21 10:17:45 -0800
commit10056909c00bca2684340856ce20272f3fd8fa43 (patch)
tree75a1b8606c954ae4c483479091de21d3dfb226f3
parentb6c5057ca18b59d8c20cccac3bbbd84206fd4e83 (diff)
Check for invalid code length codes in contrib/puff.
Without this fix, it would be possible to construct inputs to puff that would cause it to segfault.
-rw-r--r--contrib/puff/puff.c7
-rw-r--r--contrib/puff/puff.h4
-rw-r--r--contrib/puff/pufftest.c4
3 files changed, 9 insertions, 6 deletions
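--- a/contrib/puff/puff.c
+++ b/contrib/puff/puff.c
@@ -1,8 +1,8 @@
 /*
  * puff.c
- * Copyright (C) 2002-2010 Mark Adler
+ * Copyright (C) 2002-2013 Mark Adler
  * For conditions of distribution and use, see copyright notice in puff.h
- * version 2.2, 25 Apr 2010
+ * version 2.3, 21 Jan 2013
  *
  * puff.c is a simple inflate written to be an unambiguous way to specify the
  * deflate format. It is not written for speed but rather simplicity. As a
@@ -76,6 +76,7 @@
  * - Move NIL to puff.h
  * - Allow incomplete code only if single code length is 1
  * - Add full code coverage test to Makefile
+ * 2.3 21 Jan 2013 - Check for invalid code length codes in dynamic blocks
  */
 
 #include <setjmp.h> /* for setjmp(), longjmp(), and jmp_buf */
@@ -704,6 +705,8 @@ local int dynamic(struct state *s)
  int len; /* last length to repeat */
 
  symbol = decode(s, &lencode);
+ if (symbol < 0)
+ return symbol; /* invalid symbol */
  if (symbol < 16) /* length in 0..15 */
  lengths[index++] = symbol;
  else { /* repeat instruction */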
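Review bot: The comment on the new guard, `/* invalid symbol */`, does not say why the check has to come before `if (symbol < 16)`: a negative return from decode() also satisfies that test and would be written to `lengths[index++]` as if it were a code length. I would spell that out, e.g. `/* decode() error; must not be stored as a code length */`, so a later refactor does not reorder or drop the check. The diffstat shows no new test input, so a regression case with invalid code length codes, as described in the commit message, would be worth adding to the coverage test. dynamic() begins and ends outside this hunk, so whether its other decode() call sites are guarded the same way cannot be confirmed from here.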
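--- a/contrib/puff/puff.h
+++ b/contrib/puff/puff.h
@@ -1,6 +1,6 @@
 /* puff.h
- Copyright (C) 2002-2010 Mark Adler, all rights reserved
- version 2.2, 25 Apr 2010
+ Copyright (C) 2002-2013 Mark Adler, all rights reserved
+ version 2.3, 21 Jan 2013
 
  This software is provided 'as-is', without any express or implied
  warranty. In no event will the author be held liable for any damages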
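--- a/contrib/puff/pufftest.c
+++ b/contrib/puff/pufftest.c
@@ -1,8 +1,8 @@
 /*
  * pufftest.c
- * Copyright (C) 2002-2010 Mark Adler
+ * Copyright (C) 2002-2013 Mark Adler
  * For conditions of distribution and use, see copyright notice in puff.h
- * version 2.2, 25 Apr 2010
+ * version 2.3, 21 Jan 2013
  */
 
 /* Example of how to use puff().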