Add a check to guard against a potential infinite loop when given a bad zip file. See https://github.com/Edward-L/my-cve-list/blob/master/miniz/README.md

and https://nvd.nist.gov/vuln/detail/CVE-2018-12913 for details.
iibclothier 2024-12-18 08:04:53 -06:00
parent 293d4db1b7
commit e680017bae


@ -489,6 +489,12 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
} }
bit_buf >>= code_len; bit_buf >>= code_len;
num_bits -= code_len; num_bits -= code_len;
//assert(sym2 != 0 && counter != 0);
if (sym2 == 0 && counter == 0)
{
TINFL_CR_RETURN_FOREVER(40, TINFL_STATUS_FAILED);
}
pOut_buf_cur[0] = (mz_uint8)counter; pOut_buf_cur[0] = (mz_uint8)counter;
if (sym2 & 256) if (sym2 & 256)
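Review bot: The added guard `if (sym2 == 0 && counter == 0)` is not the logical complement of the commented-out `//assert(sym2 != 0 && counter != 0);` directly above it. Negating that assert gives `sym2 == 0 || counter == 0`, so the two lines appear to contradict each other and a later maintainer may "fix" the condition. I would drop the dead assert and replace it with a comment stating the rejected case, e.g. `/* sym2 and counter both zero: malformed stream that would otherwise never advance (CVE-2018-12913); fail the decode */`. If a zero in only one of the two values is also invalid input, that needs its own decision, since the hunk does not show enough of `tinfl_decompress` to tell. A regression test that feeds the malformed archive from the linked report and expects `TINFL_STATUS_FAILED` would keep this guard from being lost in a future miniz resync.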