From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 16 Nov 2012 22:05:34 +0000 (-0800)
Subject: gzip: diagnose invalid code in packed data
X-Git-Tag: v1.6~17
X-Git-Url: https://git.gag.com/?a=commitdiff_plain;h=16977ae732bf60f79c9a4fd6d183662530ae7784;p=debian%2Fgzip

gzip: diagnose invalid code in packed data

* unpack.c (unpack): When encountering a code out of range, report
it and fail rather than charging ahead with randomish output.
Problem reported by Aki Helin.
---

diff --git a/unpack.c b/unpack.c
index e450c0e..44a232f 100644
--- a/unpack.c
+++ b/unpack.c
@@ -229,14 +229,19 @@ int unpack(in, out)
             /* Code of more than peek_bits bits, we must traverse the tree */
             ulg mask = peek_mask;
             len = peek_bits;
-            do {
+
+            /* Loop as long as peek is a parent node.  */
+            while (peek < parents[len])
+              {
                 len++, mask = (mask<<1)+1;
                 look_bits(peek, len, mask);
-            } while (peek < (unsigned)parents[len]);
-            /* loop as long as peek is a parent node */
+              }
         }
         /* At this point, peek is the next complete code, of len bits */
-        if (peek == eob && len == max_len) break; /* end of file? */
+        if (peek == eob)
+          break; /* End of file.  */
+        if (eob < peek)
+          gzip_error ("invalid compressed data--code out of range");
         put_ubyte(literal[peek+lit_base[len]]);
         Tracev((stderr,"%02d %04x %c\n", len, peek,
                 literal[peek+lit_base[len]]));