diff options
| author | Mark Adler <madler@alumni.caltech.edu> | 2011-09-09 23:22:30 -0700 |
|---|---|---|
| committer | Mark Adler <madler@alumni.caltech.edu> | 2011-09-09 23:22:30 -0700 |
| commit | 086e982175da84b3db958191031380794315f95f (patch) | |
| tree | 12f18893b4561c1b0593931dfbb6cb300d6c00c7 /infback.c | |
| parent | 85e7d7d9ba71d95a9e6a64b98bae4fac09f06f1c (diff) | |
| download | zlib-086e982175da84b3db958191031380794315f95f.tar.gz zlib-086e982175da84b3db958191031380794315f95f.tar.bz2 zlib-086e982175da84b3db958191031380794315f95f.zip | |
zlib 1.2.0.4v1.2.0.4
Diffstat (limited to 'infback.c')
| -rw-r--r-- | infback.c | 15 |
1 files changed, 11 insertions, 4 deletions
| @@ -55,6 +55,7 @@ int stream_size; | |||
| 55 | state->wsize = 1U << windowBits; | 55 | state->wsize = 1U << windowBits; |
| 56 | state->window = window; | 56 | state->window = window; |
| 57 | state->write = 0; | 57 | state->write = 0; |
| 58 | state->whave = 0; | ||
| 58 | return Z_OK; | 59 | return Z_OK; |
| 59 | } | 60 | } |
| 60 | 61 | ||
| @@ -201,6 +202,7 @@ struct inflate_state FAR *state; | |||
| 201 | if (left == 0) { \ | 202 | if (left == 0) { \ |
| 202 | put = state->window; \ | 203 | put = state->window; \ |
| 203 | left = state->wsize; \ | 204 | left = state->wsize; \ |
| 205 | state->whave = left; \ | ||
| 204 | if (out(out_desc, put, left)) { \ | 206 | if (out(out_desc, put, left)) { \ |
| 205 | ret = Z_BUF_ERROR; \ | 207 | ret = Z_BUF_ERROR; \ |
| 206 | goto inf_leave; \ | 208 | goto inf_leave; \ |
| @@ -216,7 +218,7 @@ struct inflate_state FAR *state; | |||
| 216 | in() and out() are the call-back input and output functions. When | 218 | in() and out() are the call-back input and output functions. When |
| 217 | inflateBack() needs more input, it calls in(). When inflateBack() has | 219 | inflateBack() needs more input, it calls in(). When inflateBack() has |
| 218 | filled the window with output, or when it completes with data in the | 220 | filled the window with output, or when it completes with data in the |
| 219 | window, it called out() to write out the data. The application must not | 221 | window, it calls out() to write out the data. The application must not |
| 220 | change the provided input until in() is called again or inflateBack() | 222 | change the provided input until in() is called again or inflateBack() |
| 221 | returns. The application must not change the window/output buffer until | 223 | returns. The application must not change the window/output buffer until |
| 222 | inflateBack() returns. | 224 | inflateBack() returns. |
| @@ -243,12 +245,13 @@ out_func out; | |||
| 243 | void FAR *out_desc; | 245 | void FAR *out_desc; |
| 244 | { | 246 | { |
| 245 | struct inflate_state FAR *state; | 247 | struct inflate_state FAR *state; |
| 246 | unsigned char *next, *put; /* next input and output */ | 248 | unsigned char FAR *next; /* next input */ |
| 249 | unsigned char FAR *put; /* next output */ | ||
| 247 | unsigned have, left; /* available input and output */ | 250 | unsigned have, left; /* available input and output */ |
| 248 | unsigned long hold; /* bit buffer */ | 251 | unsigned long hold; /* bit buffer */ |
| 249 | unsigned bits; /* bits in bit buffer */ | 252 | unsigned bits; /* bits in bit buffer */ |
| 250 | unsigned copy; /* number of stored or match bytes to copy */ | 253 | unsigned copy; /* number of stored or match bytes to copy */ |
| 251 | unsigned char *from; /* where to copy match bytes from */ | 254 | unsigned char FAR *from; /* where to copy match bytes from */ |
| 252 | code this; /* current decoding table entry */ | 255 | code this; /* current decoding table entry */ |
| 253 | code last; /* parent table entry */ | 256 | code last; /* parent table entry */ |
| 254 | unsigned len; /* length to copy for repeats, bits to drop */ | 257 | unsigned len; /* length to copy for repeats, bits to drop */ |
| @@ -265,6 +268,7 @@ void FAR *out_desc; | |||
| 265 | strm->msg = Z_NULL; | 268 | strm->msg = Z_NULL; |
| 266 | state->mode = TYPE; | 269 | state->mode = TYPE; |
| 267 | state->last = 0; | 270 | state->last = 0; |
| 271 | state->whave = 0; | ||
| 268 | next = strm->next_in; | 272 | next = strm->next_in; |
| 269 | have = next != Z_NULL ? strm->avail_in : 0; | 273 | have = next != Z_NULL ? strm->avail_in : 0; |
| 270 | hold = 0; | 274 | hold = 0; |
| @@ -457,6 +461,8 @@ void FAR *out_desc; | |||
| 457 | /* use inflate_fast() if we have enough input and output */ | 461 | /* use inflate_fast() if we have enough input and output */ |
| 458 | if (have >= 6 && left >= 258) { | 462 | if (have >= 6 && left >= 258) { |
| 459 | RESTORE(); | 463 | RESTORE(); |
| 464 | if (state->whave < state->wsize) | ||
| 465 | state->whave = state->wsize - left; | ||
| 460 | inflate_fast(strm, state->wsize); | 466 | inflate_fast(strm, state->wsize); |
| 461 | LOAD(); | 467 | LOAD(); |
| 462 | break; | 468 | break; |
| @@ -547,7 +553,8 @@ void FAR *out_desc; | |||
| 547 | state->offset += BITS(state->extra); | 553 | state->offset += BITS(state->extra); |
| 548 | DROPBITS(state->extra); | 554 | DROPBITS(state->extra); |
| 549 | } | 555 | } |
| 550 | if (state->offset > state->wsize) { | 556 | if (state->offset > state->wsize - (state->whave < state->wsize ? |
| 557 | left : 0)) { | ||
| 551 | strm->msg = (char *)"invalid distance too far back"; | 558 | strm->msg = (char *)"invalid distance too far back"; |
| 552 | state->mode = BAD; | 559 | state->mode = BAD; |
| 553 | break; | 560 | break; |