diff options
author | Mark Adler <madler@alumni.caltech.edu> | 2011-09-09 23:24:33 -0700 |
---|---|---|
committer | Mark Adler <madler@alumni.caltech.edu> | 2011-09-09 23:24:33 -0700 |
commit | 0484693e1723bbab791c56f95597bd7dbe867d03 (patch) | |
tree | 8f31dbed98b4390da74a90b484f2accf8f8a3a8e /inffast.c | |
parent | 9811b53dd9e8f67015c7199fff12b5bfc6965330 (diff) | |
download | zlib-0484693e1723bbab791c56f95597bd7dbe867d03.tar.gz |
zlib 1.2.2.2v1.2.2.2
Diffstat (limited to 'inffast.c')
-rw-r--r-- | inffast.c | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -74,6 +74,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ unsigned char FAR *out; /* local strm->next_out */ unsigned char FAR *beg; /* inflate()'s initial strm->next_out */ unsigned char FAR *end; /* while out < end, enough space available */ +#ifdef INFLATE_STRICT + unsigned dmax; /* maximum distance from zlib header */ +#endif unsigned wsize; /* window size or zero if not using window */ unsigned whave; /* valid bytes in the window */ unsigned write; /* window write index */ @@ -98,6 +101,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ out = strm->next_out - OFF; beg = out - (start - strm->avail_out); end = out + (strm->avail_out - 257); +#ifdef INFLATE_STRICT + dmax = state->dmax; +#endif wsize = state->wsize; whave = state->whave; write = state->write; @@ -167,6 +173,13 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ } } dist += (unsigned)hold & ((1U << op) - 1); +#ifdef INFLATE_STRICT + if (dist > dmax) { + strm->msg = (char *)"invalid distance too far back"; + state->mode = BAD; + break; + } +#endif hold >>= op; bits -= op; Tracevv((stderr, "inflate: distance %u\n", dist)); |