git: 9854ff088002 - releng/13.0 - Assure that the number of bits for deflatePrime() is valid.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 06 Apr 2022 03:04:19 UTC
The branch releng/13.0 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=9854ff0880022ebc0bd955a57bc1322228790f99
commit 9854ff0880022ebc0bd955a57bc1322228790f99
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-04-05 23:33:30 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-05 23:33:30 +0000
Assure that the number of bits for deflatePrime() is valid.
Cherry picked from zlib 4346a16853e19b45787ce933666026903fb8f3f8
Approved by: so
Security: FreeBSD-SA-22:08.zlib
---
sys/contrib/zlib/deflate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/contrib/zlib/deflate.c b/sys/contrib/zlib/deflate.c
index edbeec0dd09a..f453517668ca 100644
--- a/sys/contrib/zlib/deflate.c
+++ b/sys/contrib/zlib/deflate.c
@@ -589,7 +589,8 @@ int ZEXPORT deflatePrime (strm, bits, value)
if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
s = strm->state;
- if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
+ if (bits < 0 || bits > 16 ||
+ s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
return Z_BUF_ERROR;
do {
put = Buf_size - s->bi_valid;