Mark Adler [Sat, 3 Dec 2016 16:29:57 +0000 (08:29 -0800)]
Don't need to emit an empty fixed block when changing parameters.
gzsetparams() was using Z_PARTIAL_FLUSH when it could use Z_BLOCK
instead. This commit uses Z_BLOCK, which avoids emitting an
unnecessary ten bits into the stream.
Mark Adler [Sat, 3 Dec 2016 16:18:56 +0000 (08:18 -0800)]
Clean up gz* function return values.
In some cases the return values did not match the documentation,
or the documentation did not document all of the return values.
gzprintf() now consistently returns negative values on error,
which matches the behavior of the stdio fprintf() function.
Mark Adler [Sat, 5 Nov 2016 15:43:29 +0000 (08:43 -0700)]
Speed up deflation for level 0 (storing).
The previous code slid the window and the hash table and copied
every input byte three times in order to just write the data as
stored blocks with no compression. This commit minimizes sliding
and copying, especially for large input and output buffers.
Level 0 compression is now more than 20 times faster than before
the commit.
Most of the speedup is due to deferring hash table slides until
deflateParams() is called to change the compression level away
from 0. More speedup is due to copying directly from next_in to
next_out when the amounts of available input data and output space
permit it, avoiding the intermediate pending buffer. Additionally,
only the last 32K of the used input data is copied back to the
sliding window when large input buffers are provided.
Mark Adler [Wed, 23 Nov 2016 07:29:19 +0000 (23:29 -0800)]
Assure that deflateParams() will not switch functions mid-block.
This alters the specification in zlib.h, so that deflateParams()
will not change any parameters if there is not enough output space
in the event that a block is emitted in order to allow switching
the compression function.
Mark Adler [Sun, 30 Oct 2016 16:25:32 +0000 (09:25 -0700)]
Use memcpy for stored blocks.
This speeds up level 0 by about a factor of three, as compared to
the previous byte-at-a-time loop. We can do much better though. A
later commit avoids this copy for level 0 with large buffers,
instead copying directly from the input to the output. This commit
still speeds up storing incompressible data found when compressing
normally.
Original patch notes:
This updates the OS_CODE determination at compile time to match as
closely as possible the operating system mappings documented in
the PKWare APPNOTE.TXT version 6.3.4, section 4.4.2.2. That byte
in the gzip header is used by nobody for anything, as far as I can
tell. However we might as well try to set it appropriately.
Mark Adler [Tue, 25 Oct 2016 03:11:41 +0000 (20:11 -0700)]
Do a more thorough check of the state for every stream call.
This verifies that the state has been initialized, that it is the
expected type of state, deflate or inflate, and that at least the
first several bytes of the internal state have not been clobbered.
Mark Adler [Mon, 24 Oct 2016 22:52:19 +0000 (15:52 -0700)]
Reject a window size of 256 bytes if not using the zlib wrapper.
There is a bug in deflate for windowBits == 8 (256-byte window).
As a result, zlib silently changes a request for 8 to a request
for 9 (512-byte window), and sets the zlib header accordingly so
that the decompressor knows to use a 512-byte window. However if
deflateInit2() is used for raw deflate or gzip streams, then there
is no indication that the request was not honored, and the
application might assume that it can use a 256-byte window when
decompressing. This commit returns an error if the user requests
a 256-byte window when using raw deflate or gzip encoding.
Mark Adler [Tue, 4 Oct 2016 05:33:26 +0000 (22:33 -0700)]
Note the violation of the strict aliasing rule in crc32.c.
See the comment for more details. This is in response to an issue
raised as a result of a security audit of the zlib code by Trail
of Bits and TrustInSoft, in support of the Mozilla Foundation.
Mark Adler [Thu, 29 Sep 2016 03:20:25 +0000 (20:20 -0700)]
Avoid pre-decrement of pointer in big-endian CRC calculation.
There was a small optimization for PowerPCs to pre-increment a
pointer when accessing a word, instead of post-incrementing. This
required prefacing the loop with a decrement of the pointer,
possibly pointing before the object passed. This is not compliant
with the C standard, for which decrementing a pointer before its
allocated memory is undefined. When tested on a modern PowerPC
with a modern compiler, the optimization no longer has any effect.
Due to all that, and per the recommendation of a security audit of
the zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this "optimization" was removed, in order to
avoid the possibility of undefined behavior.
Mark Adler [Thu, 22 Sep 2016 06:35:50 +0000 (23:35 -0700)]
Remove offset pointer optimization in inftrees.c.
inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.
Mark Adler [Thu, 22 Sep 2016 05:25:21 +0000 (22:25 -0700)]
Use post-increment only in inffast.c.
An old inffast.c optimization turns out to not be optimal anymore
with modern compilers, and furthermore was not compliant with the
C standard, for which decrementing a pointer before its allocated
memory is undefined. Per the recommendation of a security audit of
the zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this "optimization" was removed, in order to
avoid the possibility of undefined behavior.
Mark Adler [Wed, 21 Sep 2016 01:49:21 +0000 (18:49 -0700)]
Add option to not compute or check check values.
The undocumented (except in these commit comments) function
inflateValidate(strm, check) can be called after an inflateInit(),
inflateInit2(), or inflateReset2() with check equal to zero to
turn off the check value (CRC-32 or Adler-32) computation and
comparison. Calling with check not equal to zero turns checking
back on. This should only be called immediately after the init or
reset function. inflateReset() does not change the state, so a
previous inflateValidate() setting will remain in effect.
This also turns off validation of the gzip header CRC when
present.
This should only be used when a zlib or gzip stream has already
been checked, and repeated decompressions of the same stream no
longer need to be validated.
Mika Lindqvist [Sun, 27 Mar 2016 12:02:54 +0000 (15:02 +0300)]
Merge insert_string and bulk_insert_str.
** Partial merge of this commit, based on a8c94e9f5a3b9d3c62182bcf84e72304a3c1a6e5
Excludes changes to fill_window_sse.c, changes to fill_window_c() in deflate.c
and several unrelated changes in the commit.
Daniel Axtens [Wed, 29 Apr 2015 06:20:37 +0000 (16:20 +1000)]
Add test for CVE-2004-0797
CVE-2004-0797[0] occured when an error was detected but no action
was taken --- that is, execution was allowed to continue.
One of the tests for CVE-2005-2096 actually hit the code path that
was fixed in the patch for CVE-2004-0797.
This occured because all the fuzzing was done on zlib 1.2.1, and
zlib 1.2.2 fixed this bug but not the 2005 CVEs. It was detected by
running the test cases against zlib 1.2.2.
The relevant bits of the zlib 1.2.2 patch are [1] and [2].
Daniel Axtens [Wed, 29 Apr 2015 04:56:57 +0000 (14:56 +1000)]
Add test cases for CVE-2005-1849 and CVE-2005-2096
CVE-2005-1849[0] is an overflow of a fixed size buffer defined in
inftrees.h
CVE-2005-2096[1] is an overflow caused by insufficient input
validation of code trees[2].
This makes sure we don't accidentally reintroduce them.
zlib-1.2.1 was download and fuzz tested using AFL[3]. The crashing
cases were discovered. A patch for 1849 was then applied, and used to
determine which cases hit only that bug, and which ones hit 2096.
Daniel Axtens [Mon, 27 Apr 2015 06:17:21 +0000 (16:17 +1000)]
Add test for CVE-2002-0059
CVE-2002-0059 was a double free in inflation. [0]
This makes sure we don't accidentally reintroduce it.
zlib-1.1.3 was download and fuzz tested using AFL[1].
This crashing case (test.gz) was discovered, and using gdb it was
confirmed to be a double free in the expected place.
The test script looks for a normal error exit (status code 1),
and fails if any other code is returned.
Daniel Axtens [Mon, 27 Apr 2015 05:49:43 +0000 (15:49 +1000)]
Add test for CVE-2003-0107
CVE-2003-0107[0] was a bug where zlib 1.1.4 failed to validate whether
arguments to gzprintf() fit within an internal buffer.
We should make sure that in refactoring we don't regress. Therefore,
build the sample code supplied in the original report [1], and check
if it crashes.
Daniel Axtens [Wed, 29 Apr 2015 05:35:04 +0000 (15:35 +1000)]
Properly bail out when a test fails.
At an earlier point in development, shared libs were failing on Travis
but the overall build was succeeding. Stop that from happening by
bailing out harder.
Add support for internal attribute, the advantage of this over hidden
is for example that the compiler can safely assume that pointers to
functions declared internal can never be passed externally.
This allows the compiler to consider optimizations otherwise impossible.
Evan Nemerson [Tue, 15 Mar 2016 03:48:46 +0000 (20:48 -0700)]
Fix endianness-detection code on Solaris 11.
Solaris doesn't have sys/endian.h or endian.h, it has sys/byteorder.h,
which doesn't define BYTE_ORDER, it defines either _LITTLE_ENDIAN or
_BIG_ENDIAN.
Mark Adler [Fri, 27 Nov 2015 06:52:25 +0000 (22:52 -0800)]
Fix bug that accepted invalid zlib header when windowBits is zero.
When windowBits is zero, the size of the sliding window comes from
the zlib header. The allowed values of the four-bit field are
0..7, but when windowBits is zero, values greater than 7 are
permitted and acted upon, resulting in large, mostly unused memory
allocations. This fix rejects such invalid zlib headers.
projects / thirdparty / zlib-ng.git / log
