From: Ori Livneh Date: Mon, 23 Aug 2021 16:40:19 +0000 (-0400) Subject: Fix UB in inffast.c when not using window X-Git-Tag: 2.1.0-beta1~513 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c7524acd3b83f5bdded9d1adf775cb228c32077;p=thirdparty%2Fzlib-ng.git Fix UB in inffast.c when not using window When not using window, `window + wsize` applies a zero offset to a null pointer, which is undefined behavior. --- diff --git a/inffast.c b/inffast.c index de71271b2..2c3add3a8 100644 --- a/inffast.c +++ b/inffast.c @@ -155,7 +155,7 @@ void Z_INTERNAL zng_inflate_fast(PREFIX3(stream) *strm, unsigned long start) { /* Detect if out and window point to the same memory allocation. In this instance it is necessary to use safe chunk copy functions to prevent overwriting the window. If the window is overwritten then future matches with far distances will fail to copy correctly. */ - extra_safe = (out >= window && out + INFLATE_FAST_MIN_LEFT <= window + wsize); + extra_safe = (wsize != 0 && out >= window && out + INFLATE_FAST_MIN_LEFT <= window + wsize); /* decode literals and length/distances until end-of-block or not enough input data or output space */
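Review bot: The `wsize != 0` test added to the `extra_safe` assignment is not covered by the comment above it, and it relies on an unstated invariant that `window` is null only when `wsize` is zero. Either extend the comment with a sentence saying that no window means `window` may be NULL and `window + wsize` must not be evaluated, or guard on `window != NULL` directly so the condition matches the pointer actually being offset. Separately, the remaining `out >= window` and `out + INFLATE_FAST_MIN_LEFT <= window + wsize` comparisons are, by the comment's own description, run to find out whether the two pointers share an allocation; relational comparison of pointers into different objects is also undefined in C, so if the goal is a UB-clean build it is worth comparing the addresses as `uintptr_t` values in the same change.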