From 40a5b75ebe4b54a8537c56cf4f64ea87e76cfaa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Anic=CC=81?= Date: Thu, 8 Feb 2024 12:55:31 +0100 Subject: [PATCH] add lengths overflow test case Fixes #1 --- src/inflate.zig | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/inflate.zig b/src/inflate.zig index a705f92..0e4c188 100644 --- a/src/inflate.zig +++ b/src/inflate.zig @@ -74,6 +74,7 @@ pub fn Inflate(comptime container: Container, comptime ReaderType: type) type { DeflateInvalidCode, DeflateInvalidBlockType, DeflateWrongNlen, + CorruptInput, }; pub fn init(rt: ReaderType) Self { @@ -186,6 +187,7 @@ pub fn Inflate(comptime container: Container, comptime ReaderType: type) type { return 1; }, 16 => { + if (pos == 0) return error.CorruptInput; // Copy the previous code length 3 - 6 times. // The next 2 bits indicate repeat length const n: u8 = @as(u8, try self.bits.read(u2)) + 3; @@ -470,3 +472,13 @@ test "zlib decompress" { try testing.expectEqualStrings(c.out, al.items); } } + +test "lengths overflow" { + const data = "\xed\x1d$\xe9\xff\xff9\x0e"; + + var fb = std.io.fixedBufferStream(data); + var al = std.ArrayList(u8).init(testing.allocator); + defer al.deinit(); + + try testing.expectError(error.CorruptInput, decompress(.raw, fb.reader(), al.writer())); +}