diff options
| author | Mark Adler <madler@alumni.caltech.edu> | 2023-02-17 00:06:32 -0800 |
|---|---|---|
| committer | Mark Adler <madler@alumni.caltech.edu> | 2023-02-17 00:06:32 -0800 |
| commit | 12b345c4309b37ab905e7e702021c1c2d2c095cc (patch) | |
| tree | a05fba37e155d16fced4e198644ec624791412ed /inflate.c | |
| parent | fa8cd50ada68b873c754766bc73b12080b7b309e (diff) | |
| download | zlib-12b345c4309b37ab905e7e702021c1c2d2c095cc.tar.gz zlib-12b345c4309b37ab905e7e702021c1c2d2c095cc.tar.bz2 zlib-12b345c4309b37ab905e7e702021c1c2d2c095cc.zip | |
Assure that inflatePrime() can't shift a 32-bit integer by 32 bits.
The inflate() functions never leave state->bits greater than 24, so
an inflatePrime() call could not cause this. The only way this
could have happened would be by using inflatePrime() to fill the
bit buffer with 32 bits, and then calling inflatePrime() a *second*
time asking to insert zero bits, for some reason. This commit
assures that a shift by 32 bits does not occur even in that case.
Diffstat (limited to 'inflate.c')
| -rw-r--r-- | inflate.c | 2 |
1 files changed, 2 insertions, 0 deletions
| @@ -255,6 +255,8 @@ int value; | |||
| 255 | struct inflate_state FAR *state; | 255 | struct inflate_state FAR *state; |
| 256 | 256 | ||
| 257 | if (inflateStateCheck(strm)) return Z_STREAM_ERROR; | 257 | if (inflateStateCheck(strm)) return Z_STREAM_ERROR; |
| 258 | if (bits == 0) | ||
| 259 | return Z_OK; | ||
| 258 | state = (struct inflate_state FAR *)strm->state; | 260 | state = (struct inflate_state FAR *)strm->state; |
| 259 | if (bits < 0) { | 261 | if (bits < 0) { |
| 260 | state->hold = 0; | 262 | state->hold = 0; |