From: Adam Stylinski <kungfujesus06@gmail.com>
Date: Thu, 3 Oct 2024 21:17:44 +0000 (-0400)
Subject: Compute the "safe" distance properly
X-Git-Tag: 2.2.3~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3297953f816e16e5f0e755d069a25a50ca6ace4f;p=thirdparty%2Fzlib-ng.git

Compute the "safe" distance properly

The safe pointer that is computed is an exclusive, not inclusive bounds.
While we were probably rarely ever bit this, if ever, it still makes
sense to apply the limit, properly.
---

diff --git a/inffast_tpl.h b/inffast_tpl.h
index c8f47867..2600dd5a 100644
--- a/inffast_tpl.h
+++ b/inffast_tpl.h
@@ -260,7 +260,7 @@ void Z_INTERNAL INFLATE_FAST(PREFIX3(stream) *strm, uint32_t start) {
                     if (dist >= len || dist >= state->chunksize)
                         out = chunkcopy_safe(out, out - dist, len, safe);
                     else
-                        out = CHUNKMEMSET_SAFE(out, dist, len, (unsigned)((safe - out) + 1));
+                        out = CHUNKMEMSET_SAFE(out, dist, len, (unsigned)((safe - out)));
                 } else {
                     /* Whole reference is in range of current output.  No range checks are
                        necessary because we start with room for at least 258 bytes of output,