Google Git
Sign in
fuchsia / third_party / zlib / 51370f365607fe14a6a7a1a27b3bd29d788f5e5b
commit51370f365607fe14a6a7a1a27b3bd29d788f5e5b[log] [tgz]
authorMark Adler <madler@alumni.caltech.edu>Mon Feb 18 21:06:35 2013 -0800
committerMark Adler <madler@alumni.caltech.edu>Mon Feb 18 21:47:00 2013 -0800
tree09db363475af028a7b9157b949667491d132f6de
parent10056909c00bca2684340856ce20272f3fd8fa43 [diff]
Fix serious but very rare decompression bug in inftrees.c.

inftrees.c compared the number of used table entries to the maximum
allowed value using >= instead of >.  This patch fixes those to use
>.  The bug was discovered by Ignat Kolesnichenko of Yandex LC
where they have run petabytes of data through zlib.  Triggering the
bug is apparently very rare, seeing as how it has been out there in
the wild for almost three years before being discovered.  The bug
is instantiated only if the exact maximum number of decoding table
entries, ENOUGH_DISTS or ENOUGH_LENS is used by the block being
decoded, resulting in the false positive of overflowing the table.
1 file changed
tree: 09db363475af028a7b9157b949667491d132f6de
  1. amiga/
  2. as400/
  3. contrib/
  4. doc/
  5. examples/
  6. msdos/
  7. nintendods/
  8. old/
  9. qnx/
  10. test/
  11. watcom/
  12. win32/
  13. .gitignore
  14. adler32.c
  15. ChangeLog
  16. CMakeLists.txt
  17. compress.c
  18. configure
  19. crc32.c
  20. crc32.h
  21. deflate.c
  22. deflate.h
  23. FAQ
  24. gzclose.c
  25. gzguts.h
  26. gzlib.c
  27. gzread.c
  28. gzwrite.c
  29. INDEX
  30. infback.c
  31. inffast.c
  32. inffast.h
  33. inffixed.h
  34. inflate.c
  35. inflate.h
  36. inftrees.c
  37. inftrees.h
  38. make_vms.com
  39. Makefile
  40. Makefile.in
  41. README
  42. treebuild.xml
  43. trees.c
  44. trees.h
  45. uncompr.c
  46. zconf.h
  47. zconf.h.cmakein
  48. zconf.h.in
  49. zlib.3
  50. zlib.3.pdf
  51. zlib.h
  52. zlib.map
  53. zlib.pc.cmakein
  54. zlib.pc.in
  55. zlib2ansi
  56. zutil.c
  57. zutil.h