d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

zlib: Fix extra field processing bug that dereferences NULL state->head.

Browse Source 
The recent commit to fix a gzip header extra field processing bug
introduced the new bug fixed here.

(cherry picked from zlib commit 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d)
This commit is contained in:
Mark Adler 2022-08-08 10:50:09 -07:00 committed by Ed Maste
parent d387a1b4b1
commit 2969066f73
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/contrib/zlib/inflate.c
View File

@ -763,10 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
state->head->extra != Z_NULL &&
len < state->head->extra_max) {
(len = state->head->extra_len - state->length) <
state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);