From 440d4287455065efca40454c92936c65119b1bf6 Mon Sep 17 00:00:00 2001 From: Nathan Moinvaziri Date: Thu, 19 Sep 2019 22:11:43 -0700 Subject: [PATCH] Fixed assert during inflate fast when len < sizeof(uint64_t). --- inffast.c | 2 +- memcopy.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inffast.c b/inffast.c index 62cb9513..dc282dc0 100644 --- a/inffast.c +++ b/inffast.c @@ -310,7 +310,7 @@ void ZLIB_INTERNAL zng_inflate_fast(PREFIX3(stream) *strm, unsigned long start) if (dist >= len || dist >= INFFAST_CHUNKSIZE) out = chunkcopy(out, out - dist, len); else - out = chunkmemset(out, dist, len); + out = chunkmemsetsafe(out, dist, len, len); #else if (len < sizeof(uint64_t)) out = set_bytes(out, out - dist, dist, len); diff --git a/memcopy.h b/memcopy.h index b95ab29d..e67c7919 100644 --- a/memcopy.h +++ b/memcopy.h @@ -298,7 +298,7 @@ static inline unsigned char *chunkmemset(unsigned char *out, unsigned dist, unsi } static inline unsigned char* chunkmemsetsafe(unsigned char *out, unsigned dist, unsigned len, unsigned left) { - if (left < (unsigned)(3 * INFFAST_CHUNKSIZE)) { + if (len < sizeof(uint64_t) || left < (unsigned)(3 * INFFAST_CHUNKSIZE)) { while (len > 0) { *out = *(out - dist); out++; -- 2.47.2