Clear out-of-bounds read when fuzzing

zinflate.cpp:553:41: runtime error: index 30 out of bounds for type 'unsigned int [30]'
zinflate.cpp:553:11: runtime error: load of address 0x0000011806b8 with insufficient space for an object of type 'const unsigned int'
zinflate.cpp:32:32: runtime error: shift exponent 64 is too large for 64-bit type 'long unsigned int'
pull/416/head
Jeffrey Walton 2017-05-10 04:15:42 -04:00
parent 093499260e
commit 9b383e8a07
1 changed files with 3 additions and 1 deletions


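--- a/zinflate.cpp
+++ b/zinflate.cpp
@@ -550,7 +550,9 @@ bool Inflator::DecodeBody()
 break;
 }
 case DISTANCE_BITS:
-bits = distanceExtraBits[m_distance];
+// TODO: this surfaced during fuzzing. What do we do???
+CRYPTOPP_ASSERT(m_distance < COUNTOF(distanceExtraBits));
+bits = (m_distance >= COUNTOF(distanceExtraBits)) ? distanceExtraBits[29] : distanceExtraBits[m_distance];
 if (!m_reader.FillBuffer(bits))
 {
 m_nextDecode = DISTANCE_BITS;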
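Review bot: The new ternary in DISTANCE_BITS stops the out-of-bounds read but keeps decoding a stream whose distance code is invalid (codes 30 and 31 are reserved in DEFLATE), silently substituting code 29's extra-bit count, and CRYPTOPP_ASSERT is compiled out of release builds, so the only thing an attacker-controlled stream gets there is a quiet remap rather than a rejection. m_distance itself is also left out of range for whatever the later DISTANCE_BITS handling does with it, which is outside this hunk. A malformed distance code is a data error and should be reported like the other malformed-input cases in this decoder, e.g. `if (m_distance >= COUNTOF(distanceExtraBits)) throw BadBlockErr();` followed by the original `bits = distanceExtraBits[m_distance];`, which also lets the TODO be dropped. The shift-exponent report at zinflate.cpp:32 in the description is not addressed by this change. DecodeBody starts and ends outside the hunk.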