From e680017bae901240e8894062c0b0a3020eca42c1 Mon Sep 17 00:00:00 2001
From: iibclothier
Date: Wed, 18 Dec 2024 08:04:53 -0600
Subject: [PATCH] Add a check to guard against potential infinite loop when given a bad zip file. See https://github.com/Edward-L/my-cve-list/blob/master/miniz/README.md and https://nvd.nist.gov/vuln/detail/CVE-2018-12913 for details.
---
 miniz_tinfl.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/miniz_tinfl.c b/miniz_tinfl.c
index f7c8815..d5671b4 100644
--- a/miniz_tinfl.c
+++ b/miniz_tinfl.c
@@ -489,6 +489,12 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
 }
 bit_buf >>= code_len;
 num_bits -= code_len;
+
+ //assert(sym2 != 0 && counter != 0);
+ if (sym2 == 0 && counter == 0)
+ {
+ TINFL_CR_RETURN_FOREVER(40, TINFL_STATUS_FAILED);
+ }
 pOut_buf_cur[0] = (mz_uint8)counter;
 if (sym2 & 256)
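Review bot: The new guard tests the decoded values (`sym2 == 0 && counter == 0`) rather than whether any input was consumed, and the very next line writes `(mz_uint8)counter` to the output, so zero looks like a value a well-formed stream could legitimately produce. Whether two zero literals can reach this point with both variables exactly 0 depends on the lookup code above the hunk, which is not visible here; please add a regression test that inflates valid data containing consecutive 0x00 bytes, or key the check on the consumed length instead, e.g. `if (code_len == 0)`, if a zero length is what the malformed table yields. The commented-out `//assert(sym2 != 0 && counter != 0);` is not the negation of the condition (that would use `||`) and is better replaced by a why-comment such as `/* Malformed Huffman table: no symbol decoded; fail rather than spin (CVE-2018-12913). */`. State index 40 has to be unique among the TINFL_CR_* calls in tinfl_decompress, whose body starts and ends outside this hunk, so that should be confirmed against the full file.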