aboutsummaryrefslogtreecommitdiff
path: root/infback.c
diff options
context:
space:
mode:
authorMark Adler <madler@alumni.caltech.edu>2011-09-09 23:22:30 -0700
committerMark Adler <madler@alumni.caltech.edu>2011-09-09 23:22:30 -0700
commit086e982175da84b3db958191031380794315f95f (patch)
tree12f18893b4561c1b0593931dfbb6cb300d6c00c7 /infback.c
parent85e7d7d9ba71d95a9e6a64b98bae4fac09f06f1c (diff)
downloadzlib-086e982175da84b3db958191031380794315f95f.tar.gz
zlib-086e982175da84b3db958191031380794315f95f.tar.bz2
zlib-086e982175da84b3db958191031380794315f95f.zip
zlib 1.2.0.4v1.2.0.4
Diffstat (limited to 'infback.c')
-rw-r--r--infback.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/infback.c b/infback.c
index 0aef86d..287624c 100644
--- a/infback.c
+++ b/infback.c
@@ -55,6 +55,7 @@ int stream_size;
55 state->wsize = 1U << windowBits; 55 state->wsize = 1U << windowBits;
56 state->window = window; 56 state->window = window;
57 state->write = 0; 57 state->write = 0;
58 state->whave = 0;
58 return Z_OK; 59 return Z_OK;
59} 60}
60 61
@@ -201,6 +202,7 @@ struct inflate_state FAR *state;
201 if (left == 0) { \ 202 if (left == 0) { \
202 put = state->window; \ 203 put = state->window; \
203 left = state->wsize; \ 204 left = state->wsize; \
205 state->whave = left; \
204 if (out(out_desc, put, left)) { \ 206 if (out(out_desc, put, left)) { \
205 ret = Z_BUF_ERROR; \ 207 ret = Z_BUF_ERROR; \
206 goto inf_leave; \ 208 goto inf_leave; \
@@ -216,7 +218,7 @@ struct inflate_state FAR *state;
216 in() and out() are the call-back input and output functions. When 218 in() and out() are the call-back input and output functions. When
217 inflateBack() needs more input, it calls in(). When inflateBack() has 219 inflateBack() needs more input, it calls in(). When inflateBack() has
218 filled the window with output, or when it completes with data in the 220 filled the window with output, or when it completes with data in the
219 window, it called out() to write out the data. The application must not 221 window, it calls out() to write out the data. The application must not
220 change the provided input until in() is called again or inflateBack() 222 change the provided input until in() is called again or inflateBack()
221 returns. The application must not change the window/output buffer until 223 returns. The application must not change the window/output buffer until
222 inflateBack() returns. 224 inflateBack() returns.
@@ -243,12 +245,13 @@ out_func out;
243void FAR *out_desc; 245void FAR *out_desc;
244{ 246{
245 struct inflate_state FAR *state; 247 struct inflate_state FAR *state;
246 unsigned char *next, *put; /* next input and output */ 248 unsigned char FAR *next; /* next input */
249 unsigned char FAR *put; /* next output */
247 unsigned have, left; /* available input and output */ 250 unsigned have, left; /* available input and output */
248 unsigned long hold; /* bit buffer */ 251 unsigned long hold; /* bit buffer */
249 unsigned bits; /* bits in bit buffer */ 252 unsigned bits; /* bits in bit buffer */
250 unsigned copy; /* number of stored or match bytes to copy */ 253 unsigned copy; /* number of stored or match bytes to copy */
251 unsigned char *from; /* where to copy match bytes from */ 254 unsigned char FAR *from; /* where to copy match bytes from */
252 code this; /* current decoding table entry */ 255 code this; /* current decoding table entry */
253 code last; /* parent table entry */ 256 code last; /* parent table entry */
254 unsigned len; /* length to copy for repeats, bits to drop */ 257 unsigned len; /* length to copy for repeats, bits to drop */
@@ -265,6 +268,7 @@ void FAR *out_desc;
265 strm->msg = Z_NULL; 268 strm->msg = Z_NULL;
266 state->mode = TYPE; 269 state->mode = TYPE;
267 state->last = 0; 270 state->last = 0;
271 state->whave = 0;
268 next = strm->next_in; 272 next = strm->next_in;
269 have = next != Z_NULL ? strm->avail_in : 0; 273 have = next != Z_NULL ? strm->avail_in : 0;
270 hold = 0; 274 hold = 0;
@@ -457,6 +461,8 @@ void FAR *out_desc;
457 /* use inflate_fast() if we have enough input and output */ 461 /* use inflate_fast() if we have enough input and output */
458 if (have >= 6 && left >= 258) { 462 if (have >= 6 && left >= 258) {
459 RESTORE(); 463 RESTORE();
464 if (state->whave < state->wsize)
465 state->whave = state->wsize - left;
460 inflate_fast(strm, state->wsize); 466 inflate_fast(strm, state->wsize);
461 LOAD(); 467 LOAD();
462 break; 468 break;
@@ -547,7 +553,8 @@ void FAR *out_desc;
547 state->offset += BITS(state->extra); 553 state->offset += BITS(state->extra);
548 DROPBITS(state->extra); 554 DROPBITS(state->extra);
549 } 555 }
550 if (state->offset > state->wsize) { 556 if (state->offset > state->wsize - (state->whave < state->wsize ?
557 left : 0)) {
551 strm->msg = (char *)"invalid distance too far back"; 558 strm->msg = (char *)"invalid distance too far back";
552 state->mode = BAD; 559 state->mode = BAD;
553 break; 560 break;