git: 2969066f73fc - main - zlib: Fix extra field processing bug that dereferences NULL state->head.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 08 Aug 2022 18:20:43 UTC
The branch main has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=2969066f73fc67a614144ac09b9f3f5291937fed
commit 2969066f73fc67a614144ac09b9f3f5291937fed
Author: Mark Adler <fork@madler.net>
AuthorDate: 2022-08-08 17:50:09 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-08-08 18:19:27 +0000
zlib: Fix extra field processing bug that dereferences NULL state->head.
The recent commit to fix a gzip header extra field processing bug
introduced the new bug fixed here.
(cherry picked from zlib commit 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d)
---
sys/contrib/zlib/inflate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/contrib/zlib/inflate.c b/sys/contrib/zlib/inflate.c
index 345366eed406..d4b4a0978656 100644
--- a/sys/contrib/zlib/inflate.c
+++ b/sys/contrib/zlib/inflate.c
@@ -763,10 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
- len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
state->head->extra != Z_NULL &&
- len < state->head->extra_max) {
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);