luo980/miniz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed MSAN use-of-uninitialized in tinfl_decompress when invalid dist is decoded. In this instance dist was 31 which s_dist_base translates as 0.

Browse Source 
https://oss-fuzz.com/testcase-detail/4863557237473280
This commit is contained in:
Nathan Moinvaziri 2021-01-30 16:57:35 -08:00
parent d6566206ce
commit 60bbf6c808
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
miniz_tinfl.c
View File

@ -498,7 +498,7 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
} }
dist_from_out_buf_start = pOut_buf_cur - pOut_buf_start; dist_from_out_buf_start = pOut_buf_cur - pOut_buf_start;
if ((dist > dist_from_out_buf_start || dist_from_out_buf_start == 0) && (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF)) if ((dist == 0 || dist > dist_from_out_buf_start || dist_from_out_buf_start == 0) && (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF))
{ {
TINFL_CR_RETURN_FOREVER(37, TINFL_STATUS_FAILED); TINFL_CR_RETURN_FOREVER(37, TINFL_STATUS_FAILED);
} }