Fixed assert during inflate fast when len < sizeof(uint64_t).

diff --git a/inffast.c b/inffast.c
index 62cb9513afdc1e6aa11004c5f1c80e7393147709..dc282dc0d46a95d49e273f2fbb86aaf56f2b21d1 100644 (file)
--- a/inffast.c
+++ b/inffast.c
@@ -310,7 +310,7 @@ void ZLIB_INTERNAL zng_inflate_fast(PREFIX3(stream) *strm, unsigned long start)
                     if (dist >= len || dist >= INFFAST_CHUNKSIZE)
                         out = chunkcopy(out, out - dist, len);
                     else
-                        out = chunkmemset(out, dist, len);
+                        out = chunkmemsetsafe(out, dist, len, len);
 #else
                     if (len < sizeof(uint64_t))
                       out = set_bytes(out, out - dist, dist, len);

diff --git a/memcopy.h b/memcopy.h
index b95ab29d3fd7f85dda7be730628f36d6ecd759da..e67c79190ca7e7fb34c3fa4a4f75df8c455d1e71 100644 (file)
--- a/memcopy.h
+++ b/memcopy.h
@@ -298,7 +298,7 @@ static inline unsigned char *chunkmemset(unsigned char *out, unsigned dist, unsi
 }
 
 static inline unsigned char* chunkmemsetsafe(unsigned char *out, unsigned dist, unsigned len, unsigned left) {
-    if (left < (unsigned)(3 * INFFAST_CHUNKSIZE)) {
+    if (len < sizeof(uint64_t) || left < (unsigned)(3 * INFFAST_CHUNKSIZE)) {
         while (len > 0) {
           *out = *(out - dist);
           out++;