The C standard says that bit shifts of negative integers are undefined. This casts to unsigned values to ensure a known result.
@@ -1506,9 +1506,10 @@ z_streamp strm; | |
| { | ||
| struct inflate_state FAR *state; | ||
|
|
||
| if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16; | ||
| if (strm == Z_NULL || strm->state == Z_NULL) | ||
| return (long)(((unsigned long)0 - 1) << 16); | ||
|
||
| state = (struct inflate_state FAR *)strm->state; | ||
| return ((long)(state->back) << 16) + | ||
| return (long)(((unsigned long)((long)state->back)) << 16) + | ||
| (state->mode == COPY ? state->length : | ||
| (state->mode == MATCH ? state->was - state->length : 0)); | ||
| } | ||
|
|
||
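Review bot: Both new returns convert an unsigned long value above LONG_MAX back to long, which C leaves implementation-defined (C99 6.3.1.3), so the shift is no longer undefined but the result still relies on two's-complement wraparound. In the error return this happens every time, and in the second return it happens whenever state->back is negative, which the inner cast through long suggests is possible. A comment on these lines would record that assumption, for example `/* shift in unsigned long to avoid UB; conversion back to long assumes two's complement */`. If a fully defined form is preferred, the error return could be written `return -(1L << 16);`. The start of the function lies outside the hunk.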
2 comments
on commit e54e129
Ok. See 2edb94a
This is CVE-2016-9842.
What's the need for `(unsigned long)0 - 1`? Why not simply `(unsigned long)-1`?