summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2018-02-04 00:15:29 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2018-02-04 00:15:29 +0100
commit2598915d43d7403e72d312ac426e585499e94173 (patch)
treecb1e0e0decc6872e42081274647c8ec8786f8155
parent0e60a36c929e57e47d5de8e1ac0e53d4ec185a70 (diff)
gunzip: fix from gzip-1.3.12 for gzip file with all zero length codes
Corresponding changelog from gzip-1.3.12 reads: """ 2006-12-20 Paul Eggert <eggert@cs.ucla.edu> * inflate.c (huft_build): Fix regression that caused gzip to refuse to uncompress null input (all zero length codes). Problem reported by Yiorgos Adamopoulos. This regression was caused by the security patch installed 2006-11-20, which in turn came from Debian, which in turn apparently came from Thomas Biege of SuSe. """ function old new delta huft_build 1176 1216 +40 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--archival/libarchive/decompress_gunzip.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
index edff7e0e5..9a58d10d4 100644
--- a/archival/libarchive/decompress_gunzip.c
+++ b/archival/libarchive/decompress_gunzip.c
@@ -280,8 +280,8 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current
/* Given a list of code lengths and a maximum table size, make a set of
* tables to decode that set of codes. Return zero on success, one if
* the given code set is incomplete (the tables are still built in this
- * case), two if the input is invalid (all zero length codes or an
- * oversubscribed set of lengths) - in this case stores NULL in *t.
+ * case), two if the input is invalid (an oversubscribed set of lengths)
+ * - in this case stores NULL in *t.
*
* b: code lengths in bits (all assumed <= BMAX)
* n: number of codes (assumed <= N_MAX)
@@ -330,8 +330,15 @@ static int huft_build(const unsigned *b, const unsigned n,
p++; /* can't combine with above line (Solaris bug) */
} while (--i);
if (c[0] == n) { /* null input - all zero length codes */
- *m = 0;
- return 2;
+ q = xzalloc(3 * sizeof(*q));
+ //q[0].v.t = NULL;
+ q[1].e = 99; /* invalid code marker */
+ q[1].b = 1;
+ q[2].e = 99; /* invalid code marker */
+ q[2].b = 1;
+ *t = q + 1;
+ *m = 1;
+ return 0;
}
/* Find minimum and maximum length, bound *m by those */