A malformed input file can cause gzip to crash with a segmentation
violation or hang in an endless loop.
Reported in <http://bugs.debian.org/507263>.
* NEWS (Bug fixes): Mention it.
gzip no longer ignores a close-induced write failure, e.g., on NFS
+ gzip -d no longer segfaults on certain invalid inputs
+
Major changes in Gzip 1.3.12 (2007-04-13)
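Review bot: The added NEWS line mentions only the segfault, while the commit message says a malformed input can also make gzip hang in an endless loop. If the change addresses both, the entry should say so, for example "gzip -d no longer segfaults or loops forever on certain invalid inputs". Citing the Debian bug URL from the commit message would also let users match the entry to the report.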
} while (--i);
if (c[0] == n) /* null input--all zero length codes */
{
- q = (struct huft *) malloc (2 * sizeof *q);
+ q = (struct huft *) malloc (3 * sizeof *q);
if (!q)
return 3;
- hufts += 2;
+ hufts += 3;
q[0].v.t = (struct huft *) NULL;
q[1].e = 99; /* invalid code marker */
q[1].b = 1;
+ q[2].e = 99; /* invalid code marker */
+ q[2].b = 1;
*t = q + 1;
*m = 1;
return 0;
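Review bot: The null-input branch grows the allocation from 2 to 3 entries without a comment saying why the third entry is needed, so the literal 3 in the malloc call and in hufts += 3 reads as a magic number. Since *t is set to q + 1 and *m to 1, a one-bit lookup can index both q[1] and q[2]; a short comment stating that both slots must carry the invalid code marker would keep a later cleanup from shrinking the table again. The q[1] and q[2] setup is also duplicated by hand and leaves the v member of both entries unset after malloc; if v is never read for an entry with e == 99, say so in a comment, otherwise initialise it.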