From 101589d3503d956ca79b7e41714fdfcb616e429b Mon Sep 17 00:00:00 2001
From: Hans Wennborg <hans@chromium.org>
Date: Mon, 29 Jan 2024 16:39:52 -0800
Subject: [PATCH] Fix pending buffer overflow assert with LIT_MEM allocation.

Since each element in s->d_buf is 2 bytes, the sx index should be
multiplied by 2 in the assert.

Fixes madler/zlib#897

madler/zlib#ee474ff2d11715485a87b123edbdd615ba218b88
---
 trees.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/trees.c b/trees.c
index d10f4a49..e3e02a48 100644
--- a/trees.c
+++ b/trees.c
@@ -738,7 +738,7 @@ static void compress_block(deflate_state *s, const ct_data *ltree, const ct_data
 
             /* Check for no overlay of pending_buf on needed symbols */
 #ifdef LIT_MEM
-            Assert(s->pending < (s->lit_bufsize << 1) + sx, "pending_buf overflow");
+            Assert(s->pending < 2 * (s->lit_bufsize + sx), "pending_buf overflow");
 #else
             Assert(s->pending < s->lit_bufsize + sx, "pending_buf overflow");
 #endif
-- 
2.47.2