diff options
| author | Hans Wennborg <hans@chromium.org> | 2023-12-15 15:10:19 +0100 |
|---|---|---|
| committer | Mark Adler <madler@alumni.caltech.edu> | 2024-01-13 22:30:30 -0800 |
| commit | ee474ff2d11715485a87b123edbdd615ba218b88 (patch) | |
| tree | 6835ae1c20520f5c259de8c69e904400e71e8dde | |
| parent | 4bd9a71f3539b5ce47f0c67ab5e01f3196dc8ef9 (diff) | |
| download | zlib-ee474ff2d11715485a87b123edbdd615ba218b88.tar.gz zlib-ee474ff2d11715485a87b123edbdd615ba218b88.tar.bz2 zlib-ee474ff2d11715485a87b123edbdd615ba218b88.zip | |
Fix pending buffer overflow assert with LIT_MEM allocation.
Since each element in s->d_buf is 2 bytes, the sx index should be
multiplied by 2 in the assert.
Fixes #897
| -rw-r--r-- | trees.c | 2 |
1 files changed, 1 insertions, 1 deletions
| @@ -938,7 +938,7 @@ local void compress_block(deflate_state *s, const ct_data *ltree, | |||
| 938 | 938 | ||
| 939 | /* Check for no overlay of pending_buf on needed symbols */ | 939 | /* Check for no overlay of pending_buf on needed symbols */ |
| 940 | #ifdef LIT_MEM | 940 | #ifdef LIT_MEM |
| 941 | Assert(s->pending < (s->lit_bufsize << 1) + sx, "pendingBuf overflow"); | 941 | Assert(s->pending < 2 * (s->lit_bufsize + sx), "pendingBuf overflow"); |
| 942 | #else | 942 | #else |
| 943 | Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); | 943 | Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); |
| 944 | #endif | 944 | #endif |