56 lines
1.8 KiB
Diff
56 lines
1.8 KiB
Diff
From ba829a458576d1ff0f26fc7230c6de816d1f6a77 Mon Sep 17 00:00:00 2001
|
|
From: Mark Adler <git@madler.net>
|
|
Date: Sun, 21 Dec 2025 18:17:56 -0800
|
|
Subject: [PATCH] Check for negative lengths in crc32_combine functions.
|
|
|
|
Though zlib.h says that len2 must be non-negative, this avoids the
|
|
possibility of an accidental infinite loop.
|
|
---
|
|
crc32.c | 4 ++++
|
|
zlib.h | 4 ++--
|
|
2 files changed, 6 insertions(+), 2 deletions(-)
|
|
|
|
Index: b/crc32.c
|
|
===================================================================
|
|
--- a/crc32.c
|
|
+++ b/crc32.c
|
|
@@ -1100,6 +1100,8 @@ uLong ZEXPORT crc32_combine64(crc1, crc2
|
|
uLong crc2;
|
|
z_off64_t len2;
|
|
{
|
|
+ if (len2 < 0)
|
|
+ return 0;
|
|
#ifdef DYNAMIC_CRC_TABLE
|
|
once(&made, make_crc_table);
|
|
#endif /* DYNAMIC_CRC_TABLE */
|
|
@@ -1119,6 +1121,8 @@ uLong ZEXPORT crc32_combine(crc1, crc2,
|
|
uLong ZEXPORT crc32_combine_gen64(len2)
|
|
z_off64_t len2;
|
|
{
|
|
+ if (len2 < 0)
|
|
+ return 0;
|
|
#ifdef DYNAMIC_CRC_TABLE
|
|
once(&made, make_crc_table);
|
|
#endif /* DYNAMIC_CRC_TABLE */
|
|
Index: b/zlib.h
|
|
===================================================================
|
|
--- a/zlib.h
|
|
+++ b/zlib.h
|
|
@@ -1759,14 +1759,14 @@ ZEXTERN uLong ZEXPORT crc32_combine OF((
|
|
seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
|
|
calculated for each, crc1 and crc2. crc32_combine() returns the CRC-32
|
|
check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and
|
|
- len2.
|
|
+ len2. len2 must be non-negative, otherwise zero is returned.
|
|
*/
|
|
|
|
/*
|
|
ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t len2));
|
|
|
|
Return the operator corresponding to length len2, to be used with
|
|
- crc32_combine_op().
|
|
+ crc32_combine_op(). len2 must be non-negative, otherwise zero is returned.
|
|
*/
|
|
|
|
ZEXTERN uLong ZEXPORT crc32_combine_op OF((uLong crc1, uLong crc2, uLong op));
|