Make sure inflateCopy() allocates window with the necessary buffer fo…
…r chunked operations.

Based on Chromium bugfix https://chromium-review.googlesource.com/c/chromium/src/+/4876445
Dead2 committed Sep 27, 2023
1 parent 57a2ed9 commit a02e407
Showing 1 changed file with 10 additions and 14 deletions.
24 changes: 10 additions & 14 deletions inflate.c
@@ -1319,8 +1319,6 @@ int32_t Z_EXPORT PREFIX(inflateSyncPoint)(PREFIX3(stream) *strm) {
int32_t Z_EXPORT PREFIX(inflateCopy)(PREFIX3(stream) *dest, PREFIX3(stream) *source) {
struct inflate_state *state;
struct inflate_state *copy;
unsigned char *window;
unsigned wsize;

/* check input */
if (inflateStateCheck(source) || dest == NULL)
@@ -1331,15 +1329,6 @@ int32_t Z_EXPORT PREFIX(inflateCopy)(PREFIX3(stream) *dest, PREFIX3(stream) *sou
copy = ZALLOC_INFLATE_STATE(source);
if (copy == NULL)
return Z_MEM_ERROR;
window = NULL;
if (state->window != NULL) {
wsize = 1U << state->wbits;
window = (unsigned char *)ZALLOC_WINDOW(source, wsize, sizeof(unsigned char));
if (window == NULL) {
ZFREE_STATE(source, copy);
return Z_MEM_ERROR;
}
}

/* copy state */
memcpy((void *)dest, (void *)source, sizeof(PREFIX3(stream)));
@@ -1350,10 +1339,17 @@ int32_t Z_EXPORT PREFIX(inflateCopy)(PREFIX3(stream) *dest, PREFIX3(stream) *sou
copy->distcode = copy->codes + (state->distcode - state->codes);
}
copy->next = copy->codes + (state->next - state->codes);
if (window != NULL) {
ZCOPY_WINDOW(window, state->window, (size_t)1U << state->wbits);

/* window */
if (state->window != NULL) {
copy->window = NULL;
if (PREFIX(inflate_ensure_window)(copy)) {
ZFREE_STATE(source, copy);
return Z_MEM_ERROR;

Check warning on line 1348 in inflate.c


Codecov / codecov/patch

inflate.c#L1347-L1348

Added lines #L1347 - L1348 were not covered by tests
}
ZCOPY_WINDOW(copy->window, state->window, (size_t)state->wsize);
}
copy->window = window;

dest->state = (struct internal_state *)copy;
return Z_OK;
}
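Review bot: The new `return Z_MEM_ERROR;` inside the `/* window */` block runs after `memcpy((void *)dest, (void *)source, sizeof(PREFIX3(stream)));`, so when `inflate_ensure_window` fails `dest` is left as a byte copy of `source`, with `dest->state` still pointing at the source's live state. The removed code allocated the window before touching `dest`, so a failed copy used to leave the caller's stream unmodified. A caller that cleans up `dest` after the error would now be handling a stream that aliases the source state; whether `inflateEnd` rejects that depends on checks not shown on this page. I would either restore the ordering so a failure leaves `dest` untouched, or at minimum add `dest->state = NULL;` before `return Z_MEM_ERROR;`. The Codecov annotation shows this failure path is untested, so a test that forces the window allocation to fail would be worth adding with the fix.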
