aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorJörn Engel <joern@wohnheim.fh-wedel.de>2003-06-07 19:51:40 -0700
committerLinus Torvalds <torvalds@home.transmeta.com>2003-06-07 19:51:40 -0700
commit113d52f54537f63a723f6922f7d74f3c391dd66c (patch)
tree0c54726890715f2a8d7e647a0f3e89cc306c3da4 /lib
parentcaa5b9b8b83de4ef110efb8f25266ae82632a223 (diff)
downloadhistory-113d52f54537f63a723f6922f7d74f3c391dd66c.tar.gz
[PATCH] zlib merge: avoid 8-bit window errors
More merging from zlib-1.1.4 force windowBits > 8 to avoid a bug in the encoder for a window size of 256 bytes. (A complete fix will be available in 1.1.5). James Carlson: The problem is that s->strstart gets set to a very large positive integer when wsize (local copy of s->w_size) is subtracted in deflate.c:fill_window(). This happens because MAX_DIST(s) resolves as a negative number when the window size is 8 -- MAX_DIST(s) is defined as s->w_size-MIN_LOOKAHEAD in deflate.h. MIN_LOOKAHEAD is MAX_MATCH+MIN_MATCH+1, and that is 258+3+1 or 262. Since a window size of 8 gives s->w_size 256, MAX_DIST(s) is 256-262 or -6. This results in read_buf() writing over memory outside of s->window, and a crash.
Diffstat (limited to 'lib')
-rw-r--r--lib/zlib_deflate/deflate.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/zlib_deflate/deflate.c b/lib/zlib_deflate/deflate.c
index 8db61c40dd8162..c655eec2b65887 100644
--- a/lib/zlib_deflate/deflate.c
+++ b/lib/zlib_deflate/deflate.c
@@ -216,7 +216,7 @@ int zlib_deflateInit2_(
windowBits = -windowBits;
}
if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
- windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
+ windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
return Z_STREAM_ERROR;
}
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-25 02:46:16 +0000