Correct a buffer overflow which occurred in the handling of some
particularly corrupt deflated data streams. Security: FreeBSD-SA-05:16.zlib Approved by: re (security blanket)
This commit is contained in:
parent
bc5627d91f
commit
8d284299a9
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=147790
@ -134,7 +134,7 @@ unsigned short FAR *work;
|
||||
left -= count[len];
|
||||
if (left < 0) return -1; /* over-subscribed */
|
||||
}
|
||||
if (left > 0 && (type == CODES || (codes - count[0] != 1)))
|
||||
if (left > 0 && (type == CODES || max != 1))
|
||||
return -1; /* incomplete set */
|
||||
|
||||
/* generate offsets into symbol table for each length for sorting */
|
||||
|
Loading…
Reference in New Issue
Block a user