bug#63848: [PATCH] Incorrect usage of inflate() from zlib in decompress.
From: Eli Zaretskii
Subject: bug#63848: [PATCH] Incorrect usage of inflate() from zlib in decompress.c
Date: Fri, 02 Jun 2023 18:35:18 +0300
merge 63848 63832
thanks
> Date: Fri, 2 Jun 2023 16:44:25 +0530
> From: cortexauth <deepak.takumi.120@gmail.com>
>
> While building Emacs one of my friends encountered a bug where entering
> certain commands such as
> `M-x eww RET`
> After some digging in, we found this was because of Z_BUF_ERROR arising in
> decompress.c:150
>
> Per the docs (inflate (linuxbase.org)) this happens when either of in or out
> buffer runs out and there is no further possible progress
>
> The code makes a wrong assumption that IF `stream.avail_out` is zero, we can
> keep on inflating. It’s possible for `stream.avail_in` and `stream.avail_out`
> to be both zero at the same time (I don’t have a minimalistic test case for
> this yet, but I am sure that one can construct this with some thought)
>
> Following is the patch for the fix
>
> --
> --- a/src/decompress.c
>
> +++ b/src/decompress.c
>
> @@ -151,7 +151,7 @@ md5_gz_stream (FILE *source, void *resblock)
>
> return -1;
>
>
>
> accumulate_and_process_md5 (out, MD5_BLOCKSIZE - stream.avail_out,
> &ctx);
>
> - } while (stream.avail_in && !stream.avail_out);
>
> + } while (!stream.avail_out);
>
>
>
> } while (res != Z_STREAM_END);
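Review bot: the direction of this hunk looks inverted relative to the report. The added line is `} while (!stream.avail_out);`, which is the condition the description calls the wrong assumption, while the removed line is the one carrying the `stream.avail_in &&` guard. With the bare `!stream.avail_out` test, a pass that fills the output buffer exactly as the input is used up goes around again and calls inflate() with `stream.avail_in` at zero, which is the no-progress case the report ties to Z_BUF_ERROR. Please regenerate the diff from a clean tree so that the guarded condition is the `+` line, and confirm that the a/ and b/ sides were not swapped. A short comment above the `while` saying why both counters are tested would also help the next reader, and a small compressed input whose decompressed size is an exact multiple of MD5_BLOCKSIZE may be a starting point for the missing test case.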
> --
>
> This is also my first time contributing so I might have made mistakes in
> making a good patch (one is obviously my incapability to quickly think of
> minimal test case), so I will appreciate suggestions
Another duplicate of bug#63832.