Fix block_open handling in deflate_quick()

[iii-i]

While tracking down #869, I stumbled upon another deflate_quick issue :-(

---

The attached test fails with "inflate() failed", because the deflate
stream that it produces ends up being corrupted. Bisect points to the
commit e7bb6db ("Replace hash_bits, hash_size and hash_mask with
defines."), but it's most likely a coincidence.

In any case, the reason is that if we happen to simultaneously exhaust
all the buffers (in, out and bi), we return finish_started without
writing the end of block symbol, which will never happen afterwards.

Fix by adding another check to the tricky condition: if we are in the
middle of a block, return need_more instead of finish_started.

[codecov]

Codecov Report

Merging #880 (2f770ff) into develop (ac18b0c) will decrease coverage by 0.12%.
The diff coverage is 55.10%.

@@             Coverage Diff             @@
##           develop     #880      +/-   ##
===========================================
- Coverage    75.56%   75.43%   -0.13%     
===========================================
  Files           72       73       +1     
  Lines         8172     8220      +48     
  Branches      1349     1359      +10     
===========================================
+ Hits          6175     6201      +26     
- Misses        1480     1494      +14     
- Partials       517      525       +8     

Flag	Coverage Δ
macos_clang	68.73% <54.16%> (-0.12%)	⬇️
macos_gcc	67.76% <50.00%> (-0.16%)	⬇️
ubuntu_clang	68.92% <55.10%> (-0.11%)	⬇️
ubuntu_clang_debug	68.36% <52.17%> (-0.12%)	⬇️
ubuntu_clang_inflate_allow_invalid_dist	68.91% <54.16%> (-0.12%)	⬇️
ubuntu_clang_inflate_strict	69.17% <54.16%> (-0.12%)	⬇️
ubuntu_clang_mmap	68.92% <54.16%> (-0.12%)	⬇️
ubuntu_clang_msan	69.17% <54.16%> (-0.12%)	⬇️
ubuntu_gcc	69.85% <54.16%> (-0.11%)	⬇️
ubuntu_gcc_aarch64	70.07% <51.11%> (-0.18%)	⬇️
ubuntu_gcc_aarch64_compat_no_opt	67.78% <45.23%> (-0.20%)	⬇️
ubuntu_gcc_aarch64_no_acle	68.30% <47.61%> (-0.19%)	⬇️
ubuntu_gcc_aarch64_no_neon	67.99% <47.61%> (-0.19%)	⬇️
ubuntu_gcc_armhf	70.49% <51.11%> (-0.18%)	⬇️
ubuntu_gcc_armhf_compat_no_opt	67.77% <45.23%> (-0.20%)	⬇️
ubuntu_gcc_armhf_no_acle	69.54% <51.11%> (-0.18%)	⬇️
ubuntu_gcc_armhf_no_neon	69.86% <51.11%> (-0.18%)	⬇️
ubuntu_gcc_armsf	70.48% <51.11%> (-0.18%)	⬇️
ubuntu_gcc_armsf_compat_no_opt	67.77% <45.23%> (-0.20%)	⬇️
ubuntu_gcc_compat_no_opt	69.14% <48.88%> (-0.18%)	⬇️
ubuntu_gcc_mingw_i686	0.00% <0.00%> (ø)
ubuntu_gcc_mingw_x86_64	0.00% <0.00%> (ø)
ubuntu_gcc_no_avx2	69.41% <47.61%> (-0.19%)	⬇️
ubuntu_gcc_no_pclmulqdq	66.52% <47.61%> (-0.17%)	⬇️
ubuntu_gcc_no_sse2	67.77% <47.61%> (-0.18%)	⬇️
ubuntu_gcc_no_sse4	66.52% <47.61%> (-0.17%)	⬇️
ubuntu_gcc_o3	69.12% <47.61%> (-0.19%)	⬇️
ubuntu_gcc_osb	70.67% <54.16%> (-0.13%)	⬇️
ubuntu_gcc_ppc	70.91% <47.61%> (-0.21%)	⬇️
ubuntu_gcc_ppc64	70.08% <47.61%> (-0.20%)	⬇️
ubuntu_gcc_ppc64le	69.06% <47.61%> (-0.20%)	⬇️
ubuntu_gcc_s390x	68.27% <47.61%> (-0.18%)	⬇️
ubuntu_gcc_sparc64	70.79% <47.61%> (-0.22%)	⬇️
win64_gcc	73.02% <50.00%> (-0.20%)	⬇️
win64_gcc_compat_no_opt	74.46% <47.72%> (-0.24%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
test/deflate_quick_block_open.c	54.16% <54.16%> (ø)
deflate_quick.c	95.55% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ac18b0c...2f770ff. Read the comment docs.

[Dead2]

@iii-i Great work on finding this, I'll release a hotfix for this.

Do you have a scripted fuzzing setup that finds these? If so, is it something you can/want to share?
Getting a local fuzzing rig set up has been on my todo ever since we got oss-fuzz in CI, but I have never had the time to read up on it.

[iii-i]

Yeah, that's essentially 08274c7 + some new modifications. I should probably open source the full repo where I develop this, and then we can think whether it would make sense to integrate this into zlib-ng.

[Dead2]

@iii-i That looks nice indeed, but as I said I have no experience with fuzzing, so I would not know how to build or run that thing 😄

Getting it into zlib-ng/zlib-ng or perhaps better, a separate zlib-ng/fuzzing (or similar) repo would be great, and would make it easier for everyone to contribute both code and testing.

[nmoinvaz]

I am getting these compiler warnings now on MSVC:

  deflate_quick_block_open.c
C:\Users\Nathan\Source\zlib-ng\test\deflate_quick_block_open.c(62,69): warning C4244: '=': conversion from '__int64' to
 'uint32_t', possible loss of data [C:\Users\Nathan\Source\zlib-ng\deflate_quick_block_open.vcxproj]
C:\Users\Nathan\Source\zlib-ng\test\deflate_quick_block_open.c(73,1): warning C4244: 'initializing': conversion from '_
_int64' to 'uint32_t', possible loss of data [C:\Users\Nathan\Source\zlib-ng\deflate_quick_block_open.vcxproj]

[iii-i]

Weird that clang and/or gcc didn't catch it. There indeed are a few casts missing in this test. I'll send a PR tomorrow.