Protect against malformed compressed data.

Problem reported by Tavis Ormandy <taviso@google.com>. * src/lsw/ftzopen.c (ft_lzwstate_io): Test whether `state->prefix' is zero.
2009-03-20 07:19:45 +01:00 · 2009-03-20 07:19:45 +01:00 · 0a05ba257b
commit 0a05ba257b
parent 0545ec1ca3
2 changed files with 12 additions and 0 deletions
--- a/9
+++ b/9
@ -1,3 +1,12 @@
+2009-03-20  Werner Lemberg  <wl@gnu.org>
+
+	Protect against malformed compressed data.
+
+	Problem reported by Tavis Ormandy <taviso@google.com>.
+
+	* src/lsw/ftzopen.c (ft_lzwstate_io): Test whether `state->prefix' is
+	zero.
+
 2009-03-20  Werner Lemberg  <wl@gnu.org>

 	Protect against invalid SID values in CFFs.
--- a/src/lzw/ftzopen.c
+++ b/src/lzw/ftzopen.c
@ -332,6 +332,9 @@

          while ( code >= 256U )
          {
+            if ( !state->prefix )
+              goto Eof;
+
            FTLZW_STACK_PUSH( state->suffix[code - 256] );
            code = state->prefix[code - 256];
          }