From faa03d5141fad5ca0c34ac2a4a72b383668083aa Mon Sep 17 00:00:00 2001 From: Mark Adler Date: Thu, 22 Sep 2011 23:45:00 -0700 Subject: [PATCH] Avoid searching past window for Z_RLE strategy. Without this, Z_RLE could under some circumstances read one byte past the end of the allocated sliding window. This would normally not be a problem unless the window is right at the end of an allocated page, or if a bounds checker is being used. --- deflate.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deflate.c b/deflate.c index d9d141a..f0765d3 100644 --- a/deflate.c +++ b/deflate.c @@ -1761,11 +1761,11 @@ local block_state deflate_rle(s, flush) for (;;) { /* Make sure that we always have enough lookahead, except * at the end of the input file. We need MAX_MATCH bytes - * for the longest encodable run. + * for the longest run, plus one for the unrolled loop. */ - if (s->lookahead < MAX_MATCH) { + if (s->lookahead <= MAX_MATCH) { fill_window(s); - if (s->lookahead < MAX_MATCH && flush == Z_NO_FLUSH) { + if (s->lookahead <= MAX_MATCH && flush == Z_NO_FLUSH) { return need_more; } if (s->lookahead == 0) break; /* flush the current block */ @@ -1788,6 +1788,7 @@ local block_state deflate_rle(s, flush) if (s->match_length > s->lookahead) s->match_length = s->lookahead; } + Assert(scan <= s->window+(uInt)(s->window_size-1), "wild scan"); } /* Emit match if have run of MIN_MATCH or longer, else emit literal */