]> git.ipfire.org Git - thirdparty/zlib-ng.git/commitdiff
projects / thirdparty / zlib-ng.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2473943)
Fixed wrong 64-bit casting in deflatePrime potentially causing bits to be lost.
authorNathan Moinvaziri <nathan@nathanm.com>
Sat, 30 May 2020 17:50:38 +0000 (10:50 -0700)
committerHans Kristian Rosbach <hk-github@circlestorm.org>
Mon, 8 Jun 2020 19:13:01 +0000 (21:13 +0200)
    Arithmetic overflow: Using operator '<<' on a 4 byte value and then casting the result to a 8 byte value.
       Cast the value to the wider type before calling operator '<<' to avoid overflow (io.2).
    Arithmetic overflow: 32-bit value is shifted, then cast to 64-bit value.
       Results might not be an expected value.

deflate.c patch | blob | blame | history

diff --git a/deflate.c b/deflate.c
index ee31d2c407826e45d96687b92e4205257cf049d2..46f05165cc8ea6c4472acebee61c57532faa8377 100644 (file)
--- a/deflate.c
+++ b/deflate.c
@@ -581,7 +581,7 @@ int ZEXPORT PREFIX(deflatePending)(PREFIX3(stream) *strm, uint32_t *pending, int
 /* ========================================================================= */
 int ZEXPORT PREFIX(deflatePrime)(PREFIX3(stream) *strm, int bits, int value) {
     deflate_state *s;
-    int put;
+    int32_t put;
 
     if (deflateStateCheck(strm))
         return Z_STREAM_ERROR;
@@ -593,7 +593,7 @@ int ZEXPORT PREFIX(deflatePrime)(PREFIX3(stream) *strm, int bits, int value) {
         put = BIT_BUF_SIZE - s->bi_valid;
         if (put > bits)
             put = bits;
-        s->bi_buf |= (uint64_t)((value & ((1 << put) - 1)) << s->bi_valid);
+        s->bi_buf |= (((uint64_t)value & ((UINT64_C(1) << put) - 1)) << s->bi_valid);
         s->bi_valid += put;
         zng_tr_flush_bits(s);
         value >>= put;
Mirror of https://github.com/zlib-ng/zlib-ng.git