mchapman/zlib
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix bug that accepted invalid zlib header when windowBits is zero.

Browse Source 
When windowBits is zero, the size of the sliding window comes from
the zlib header.  The allowed values of the four-bit field are
0..7, but when windowBits is zero, values greater than 7 are
permitted and acted upon, resulting in large, mostly unused memory
allocations.  This fix rejects such invalid zlib headers.
This commit is contained in:
Mark Adler
2015-11-26 22:52:25 -08:00
parent 8f1b3744e5
commit 6cef1de740
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
inflate.c
View File

@@ -674,7 +674,7 @@ int flush;
len = BITS(4) + 8; len = BITS(4) + 8;
if (state->wbits == 0) if (state->wbits == 0)
state->wbits = len; state->wbits = len;
else if (len > state->wbits) { if (len > 15 || len > state->wbits) {
strm->msg = (char *)"invalid window size"; strm->msg = (char *)"invalid window size";
state->mode = BAD; state->mode = BAD;
break; break;