From: Nathan Moinvaziri <nathan@nathanm.com>
Date: Sat, 30 May 2020 17:50:38 +0000 (-0700)
Subject: Fixed wrong 64-bit casting in deflatePrime potentially causing bits to be lost.
X-Git-Tag: 1.9.9-b1~235
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7305d1f82161f249c4acd4eea41e611c4f41cd3;p=thirdparty%2Fzlib-ng.git

Fixed wrong 64-bit casting in deflatePrime potentially causing bits to be lost.

    Arithmetic overflow: Using operator '<<' on a 4 byte value and then casting the result to a 8 byte value.
       Cast the value to the wider type before calling operator '<<' to avoid overflow (io.2).
    Arithmetic overflow: 32-bit value is shifted, then cast to 64-bit value.
       Results might not be an expected value.
---

diff --git a/deflate.c b/deflate.c
index ee31d2c40..46f05165c 100644
--- a/deflate.c
+++ b/deflate.c
@@ -581,7 +581,7 @@ int ZEXPORT PREFIX(deflatePending)(PREFIX3(stream) *strm, uint32_t *pending, int
 /* ========================================================================= */
 int ZEXPORT PREFIX(deflatePrime)(PREFIX3(stream) *strm, int bits, int value) {
     deflate_state *s;
-    int put;
+    int32_t put;
 
     if (deflateStateCheck(strm))
         return Z_STREAM_ERROR;
@@ -593,7 +593,7 @@ int ZEXPORT PREFIX(deflatePrime)(PREFIX3(stream) *strm, int bits, int value) {
         put = BIT_BUF_SIZE - s->bi_valid;
         if (put > bits)
             put = bits;
-        s->bi_buf |= (uint64_t)((value & ((1 << put) - 1)) << s->bi_valid);
+        s->bi_buf |= (((uint64_t)value & ((UINT64_C(1) << put) - 1)) << s->bi_valid);
         s->bi_valid += put;
         zng_tr_flush_bits(s);
         value >>= put;