author | Mark Adler <madler@alumni.caltech.edu> | 2011-09-09 23:24:33 -0700 |
---|---|---|
committer | Mark Adler <madler@alumni.caltech.edu> | 2011-09-09 23:24:33 -0700 |
commit | 0484693e1723bbab791c56f95597bd7dbe867d03 (patch) | |
tree | 8f31dbed98b4390da74a90b484f2accf8f8a3a8e /inflate.c | |
parent | 9811b53dd9e8f67015c7199fff12b5bfc6965330 (diff) | |
zlib 1.2.2.2v1.2.2.2
Diffstat (limited to 'inflate.c')
-rw-r--r-- | inflate.c | 16 |
1 files changed, 13 insertions, 3 deletions
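--- a/inflate.c
+++ b/inflate.c
@@ -113,6 +113,7 @@ z_streamp strm;
 state->mode = HEAD;
 state->last = 0;
 state->havedict = 0;
+state->dmax = 32768U;
 state->head = Z_NULL;
 state->wsize = 0;
 state->whave = 0;
@@ -600,11 +601,13 @@ int flush;
 break;
 }
 DROPBITS(4);
-if (BITS(4) + 8 > state->wbits) {
+len = BITS(4) + 8;
+if (len > state->wbits) {
 strm->msg = (char *)"invalid window size";
 state->mode = BAD;
 break;
 }
+state->dmax = 1U << len;
 Tracev((stderr, "inflate: zlib header ok\n"));
 strm->adler = state->check = adler32(0L, Z_NULL, 0);
 state->mode = hold & 0x200 ? DICTID : TYPE;
@@ -1009,6 +1012,13 @@ int flush;
 state->offset += BITS(state->extra);
 DROPBITS(state->extra);
 }
+#ifdef INFLATE_STRICT
+if (state->offset > state->dmax) {
+strm->msg = (char *)"invalid distance too far back";
+state->mode = BAD;
+break;
+}
+#endif
 if (state->offset > state->whave + out - left) {
 strm->msg = (char *)"invalid distance too far back";
 state->mode = BAD;
@@ -1322,8 +1332,8 @@ z_streamp source;
 }
 
 /* copy state */
-*dest = *source;
-*copy = *state;
+zmemcpy(dest, source, sizeof(z_stream));
+zmemcpy(copy, state, sizeof(struct inflate_state));
 copy->lencode = copy->codes + (state->lencode - state->codes);
 copy->distcode = copy->codes + (state->distcode - state->codes);
 copy->next = copy->codes + (state->next - state->codes);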
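Review bot: The new `state->offset > state->dmax` test in the third hunk is compiled only under `INFLATE_STRICT`, so a default build still accepts distances larger than the window size declared in the zlib header and relies on the existing `state->offset > state->whave + out - left` test to reject distances that reach before the available data. A comment above the `#ifdef` should say so, for example `/* dmax: header-declared distance limit, conformance check only; the whave test below still applies in every build */`. Both branches also set the same message, `"invalid distance too far back"`, so a caller reading `strm->msg` cannot tell which limit was exceeded; a distinct string for the strict case would help triage of malformed streams. inflate()'s body extends outside these hunks and the page is limited to inflate.c, so whether any other decoding path applies the same `dmax` limit cannot be confirmed from here.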