From: Mark Adler <madler@alumni.caltech.edu>
Date: Sun, 12 Feb 2017 07:54:17 +0000 (-0800)
Subject: Return an error if the gzputs string length can't fit in an int.
X-Git-Tag: 1.9.9-b1~570
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b537b16163068053523027a8b1506cfbb01504f2;p=thirdparty%2Fzlib-ng.git

Return an error if the gzputs string length can't fit in an int.
---

diff --git a/gzwrite.c b/gzwrite.c
index 66180913a..20e1d5c63 100644
--- a/gzwrite.c
+++ b/gzwrite.c
@@ -320,8 +320,7 @@ int ZEXPORT PREFIX(gzputc)(gzFile file, int c) {
 
 /* -- see zlib.h -- */
 int ZEXPORT PREFIX(gzputs)(gzFile file, const char *s) {
-    int ret;
-    size_t len;
+    size_t len, put;
     gz_state *state;
 
     /* get internal structure */
@@ -335,8 +334,12 @@ int ZEXPORT PREFIX(gzputs)(gzFile file, const char *s) {
 
     /* write string */
     len = strlen(s);
-    ret = (int)gz_write(state, s, len);
-    return ret == 0 && len != 0 ? -1 : ret;
+    if ((int)len < 0 || (unsigned)len != len) {
+        gz_error(state, Z_STREAM_ERROR, "string length does not fit in int");
+        return -1;
+    }
+    put = gz_write(state, s, len);
+    return put < len ? -1 : (int)len;
 }
 
 /* -- see zlib.h -- */