Add Inflator::BadDistanceErr exception (Issue 414)

The improved validation and excpetion clears the Address Sanitizer and Undefined Behavior Sanitizer findings
author: Jeffrey Walton <noloader@gmail.com> 2017-05-10 18:17:12 -0400
committer: Jeffrey Walton <noloader@gmail.com> 2017-05-10 18:17:12 -0400
commit: 07dbcc3d9644b18e05c1776db2a57fe04d780965 (patch)
tree: 3a185d45ca75667c66e86582a0de8fcbc9228e6d /zinflate.cpp
parent: e456cd2275bba020e4ee3cc08381f3269df536b0 (diff)
download: cryptopp-git-07dbcc3d9644b18e05c1776db2a57fe04d780965.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/zinflate.cpp b/zinflate.cpp
index 62431771..ee15c945 100644
--- a/zinflate.cpp
+++ b/zinflate.cpp
@@ -552,12 +552,18 @@ bool Inflator::DecodeBody()
 		case DISTANCE_BITS:
 					// TODO: this surfaced during fuzzing. What do we do???
 					CRYPTOPP_ASSERT(m_distance < COUNTOF(distanceExtraBits));
-					bits = (m_distance >= COUNTOF(distanceExtraBits)) ? distanceExtraBits[29] : distanceExtraBits[m_distance];
+					if (m_distance >= COUNTOF(distanceExtraBits))
+						throw BadDistanceErr();
+					bits = distanceExtraBits[m_distance];
 					if (!m_reader.FillBuffer(bits))
 					{
 						m_nextDecode = DISTANCE_BITS;
 						break;
 					}
+					// TODO: this surfaced during fuzzing. What do we do???
+					CRYPTOPP_ASSERT(m_distance < COUNTOF(distanceStarts));
+					if (m_distance >= COUNTOF(distanceStarts))
+						throw BadDistanceErr();
 					m_distance = m_reader.GetBits(bits) + distanceStarts[m_distance];
 					OutputPast(m_literal, m_distance);
 				}
author	Jeffrey Walton <noloader@gmail.com>	2017-05-10 18:17:12 -0400
committer	Jeffrey Walton <noloader@gmail.com>	2017-05-10 18:17:12 -0400
commit	07dbcc3d9644b18e05c1776db2a57fe04d780965 (patch)
tree	3a185d45ca75667c66e86582a0de8fcbc9228e6d /zinflate.cpp
parent	e456cd2275bba020e4ee3cc08381f3269df536b0 (diff)
download	cryptopp-git-07dbcc3d9644b18e05c1776db2a57fe04d780965.tar.gz