diff options
| author | Ori Livneh <ori.livneh@gmail.com> | 2021-08-23 12:40:19 -0400 |
|---|---|---|
| committer | Hans Kristian Rosbach <hk-github@circlestorm.org> | 2021-09-22 16:07:40 +0200 |
| commit | 0c7524acd3b83f5bdded9d1adf775cb228c32077 (patch) | |
| tree | 5129851afd1f536c7b1dc22e18ed2dca9c0dbe2e | |
| parent | f77af71e77cdb9d41d5e3a606e2a8dd67034e387 (diff) | |
| download | Project-Tick-0c7524acd3b83f5bdded9d1adf775cb228c32077.tar.gz Project-Tick-0c7524acd3b83f5bdded9d1adf775cb228c32077.zip | |
Fix UB in inffast.c when not using window
When not using window, `window + wsize` applies a zero offset to a null pointer, which is undefined behavior.
| -rw-r--r-- | inffast.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -155,7 +155,7 @@ void Z_INTERNAL zng_inflate_fast(PREFIX3(stream) *strm, unsigned long start) { /* Detect if out and window point to the same memory allocation. In this instance it is necessary to use safe chunk copy functions to prevent overwriting the window. If the window is overwritten then future matches with far distances will fail to copy correctly. */ - extra_safe = (out >= window && out + INFLATE_FAST_MIN_LEFT <= window + wsize); + extra_safe = (wsize != 0 && out >= window && out + INFLATE_FAST_MIN_LEFT <= window + wsize); /* decode literals and length/distances until end-of-block or not enough input data or output space */ |