authorMark Adler <madler@alumni.caltech.edu>2023-02-17 00:06:32 -0800
committerHans Kristian Rosbach <hk-git@circlestorm.org>2023-04-26 14:01:14 +0200
commit045a278d86ffaeb455682618e2bc208059b72f5d (patch)
tree13b6295f824b77a897a3a153aab6e5a0605d931d
parent3f06cece6be2e1bfe7b60d17e5ef823535ec9d0c (diff)
Assure that inflatePrime() can't shift a 32-bit integer by 32 bits.
The inflate() functions never leave state->bits greater than 24, so an inflatePrime() call could not cause this. The only way this could have happened would be by using inflatePrime() to fill the bit buffer with 32 bits, and then calling inflatePrime() a *second* time asking to insert zero bits, for some reason. This commit assures that a shift by 32 bits does not occur even in that case.
-rw-r--r--inflate.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/inflate.c b/inflate.c
index df4c56a168..0cbed041d7 100644
--- a/inflate.c
+++ b/inflate.c
@@ -190,6 +190,8 @@ int32_t Z_EXPORT PREFIX(inflatePrime)(PREFIX3(stream) *strm, int32_t bits, int32
if (inflateStateCheck(strm))
return Z_STREAM_ERROR;
+ if (bits == 0)
+ return Z_OK;
INFLATE_PRIME_HOOK(strm, bits, value); /* hook for IBM Z DFLTCC */
state = (struct inflate_state *)strm->state;
if (bits < 0) {
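Review bot: The new `if (bits == 0) return Z_OK;` guard carries no comment, so nothing in the code ties it to the shift-by-32 case the commit message describes, and a later cleanup could drop it as a redundant fast path. A one-line comment above it would preserve the intent, for example `/* zero bits is a no-op; also keeps a full 32-bit bit buffer away from the shift by state->bits */`. The guard also sits ahead of `INFLATE_PRIME_HOOK`, so a zero-bit call no longer reaches the DFLTCC hook; that looks harmless but should be confirmed against the hook's implementation, which is not shown here. The body of inflatePrime continues outside the hunk, so the shift itself is not visible on this page.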