From 9b383e8a07ca323d95f1bd378698d1f2e2c37db9 Mon Sep 17 00:00:00 2001
From: Jeffrey Walton
Date: Wed, 10 May 2017 04:15:42 -0400
Subject: [PATCH] Clear out-of-bounds read when fuzzing

zinflate.cpp:553:41: runtime error: index 30 out of bounds for type 'unsigned int [30]'
zinflate.cpp:553:11: runtime error: load of address 0x0000011806b8 with insufficient space for an object of type 'const unsigned int'
zinflate.cpp:32:32: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
---
 zinflate.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/zinflate.cpp b/zinflate.cpp
index 6d8c31e7..62431771 100644
--- a/zinflate.cpp
+++ b/zinflate.cpp
@@ -550,7 +550,9 @@ bool Inflator::DecodeBody()
 				break;
 			}
 		case DISTANCE_BITS:
-			bits = distanceExtraBits[m_distance];
+			// TODO: this surfaced during fuzzing. What do we do???
+			CRYPTOPP_ASSERT(m_distance < COUNTOF(distanceExtraBits));
+			bits = (m_distance >= COUNTOF(distanceExtraBits)) ? distanceExtraBits[29] : distanceExtraBits[m_distance];
 			if (!m_reader.FillBuffer(bits))
 			{
 				m_nextDecode = DISTANCE_BITS;
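Review bot: Clamping an out-of-range m_distance to distanceExtraBits[29] silently accepts a malformed stream instead of rejecting it, and the CRYPTOPP_ASSERT on the line above turns attacker-controlled input into an abort in debug builds; a distance code of 30 or more is invalid in DEFLATE, so the DISTANCE_BITS case should fail the decode rather than guess. Replace the three added lines with `if (m_distance >= COUNTOF(distanceExtraBits)) throw BadDistanceErr();` followed by the original `bits = distanceExtraBits[m_distance];`, using whichever Inflator error type the file already declares for a bad distance (BadDistanceErr appears to exist in this class; confirm against zinflate.h), and drop the "What do we do???" TODO once the error path is in place. The commit message also lists a shift-exponent-64 error at zinflate.cpp:32 that this hunk does not touch; it is presumably a downstream effect of the garbage bits value read out of bounds, but that should be verified rather than assumed fixed. The analogous LENGTH_BITS lookup, outside this hunk, likely needs the same bound check. DecodeBody's body starts and ends outside the hunk.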