From 2598915d43d7403e72d312ac426e585499e94173 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Sun, 4 Feb 2018 00:15:29 +0100 Subject: gunzip: fix from gzip-1.3.12 for gzip file with all zero length codes Corresponding changelog from gzip-1.3.12 reads: """ 2006-12-20 Paul Eggert * inflate.c (huft_build): Fix regression that caused gzip to refuse to uncompress null input (all zero length codes). Problem reported by Yiorgos Adamopoulos. This regression was caused by the security patch installed 2006-11-20, which in turn came from Debian, which in turn apparently came from Thomas Biege of SuSe. """ function old new delta huft_build 1176 1216 +40 Signed-off-by: Denys Vlasenko --- archival/libarchive/decompress_gunzip.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'archival') diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c index edff7e0e5..9a58d10d4 100644 --- a/archival/libarchive/decompress_gunzip.c +++ b/archival/libarchive/decompress_gunzip.c @@ -280,8 +280,8 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current /* Given a list of code lengths and a maximum table size, make a set of * tables to decode that set of codes. Return zero on success, one if * the given code set is incomplete (the tables are still built in this - * case), two if the input is invalid (all zero length codes or an - * oversubscribed set of lengths) - in this case stores NULL in *t. + * case), two if the input is invalid (an oversubscribed set of lengths) + * - in this case stores NULL in *t. * * b: code lengths in bits (all assumed <= BMAX) * n: number of codes (assumed <= N_MAX) @@ -330,8 +330,15 @@ static int huft_build(const unsigned *b, const unsigned n, p++; /* can't combine with above line (Solaris bug) */ } while (--i); if (c[0] == n) { /* null input - all zero length codes */ - *m = 0; - return 2; + q = xzalloc(3 * sizeof(*q)); + //q[0].v.t = NULL; + q[1].e = 99; /* invalid code marker */ + q[1].b = 1; + q[2].e = 99; /* invalid code marker */ + q[2].b = 1; + *t = q + 1; + *m = 1; + return 0; } /* Find minimum and maximum length, bound *m by those */ -- cgit v1.2.3