Add a check to guard against potential infinite loop when given a bad zip file. See https://github.com/Edward-L/my-cve-list/blob/master/miniz/README.md

and https://nvd.nist.gov/vuln/detail/CVE-2018-12913 for details.
2024-12-18 08:04:53 -06:00 · 2024-12-18 08:04:53 -06:00 · e680017bae
commit e680017bae
parent 293d4db1b7
1 changed files with 6 additions and 0 deletions
--- a/miniz_tinfl.c
+++ b/miniz_tinfl.c
@ -489,6 +489,12 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                        }
                        bit_buf >>= code_len;
                        num_bits -= code_len;
+                        
+                        //assert(sym2 != 0 && counter != 0);
+                        if (sym2 == 0 && counter == 0)
+                        {
+                            TINFL_CR_RETURN_FOREVER(40, TINFL_STATUS_FAILED);
+                        }

                        pOut_buf_cur[0] = (mz_uint8)counter;
                        if (sym2 & 256)