Skip to content

Commit

Permalink
Fix a bug when getting a gzip header extra field with inflate().
Browse files Browse the repository at this point in the history 
If the extra field was larger than the space the user provided with
inflateGetHeader(), and if multiple calls of inflate() delivered
the extra header data, then there could be a buffer overflow of the
provided space. This commit assures that provided space is not
exceeded.
  • Loading branch information
@tabudz
tabudz committed Mar 3, 2025
1 parent e8b6c05 commit cbc6be7
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions dlib/external/zlib/inflate.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -758,9 +758,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
state->head->extra != Z_NULL) {
len = state->head->extra_len - state->length;
state->head->extra != Z_NULL &&
len < state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);
Expand Down

0 comments on commit cbc6be7

Please sign in to comment.