Commit Graph

366 Commits

Author SHA1 Message Date
Mark Adler
b516b4bdd7 Do a more thorough check of the state for every stream call.
This verifies that the state has been initialized, that it is the
expected type of state, deflate or inflate, and that at least the
first several bytes of the internal state have not been clobbered.
2016-10-24 21:07:43 -07:00
Mark Adler
77fd7e56bf Document the rejection of 256-byte window requests in zlib.h. 2016-10-24 16:00:51 -07:00
Mark Adler
049578f0a1 Reject a window size of 256 bytes if not using the zlib wrapper.
There is a bug in deflate for windowBits == 8 (256-byte window).
As a result, zlib silently changes a request for 8 to a request
for 9 (512-byte window), and sets the zlib header accordingly so
that the decompressor knows to use a 512-byte window. However if
deflateInit2() is used for raw deflate or gzip streams, then there
is no indication that the request was not honored, and the
application might assume that it can use a 256-byte window when
decompressing. This commit returns an error if the user requests
a 256-byte window when using raw deflate or gzip encoding.
2016-10-24 15:52:19 -07:00
Mark Adler
a0bf0f31d3 Avoid obfuscating use of default case in inftrees.c. 2016-10-14 13:30:18 -07:00
Mark Adler
da64f1730c Move macro definition in deflate.c to where it is used.
This avoids defining a macro that is never used when not debugging.
2016-10-14 13:18:58 -07:00
Mark Adler
ebbc57393d Avoid recursive gzgetc() macro call.
Recursive macro calls are normally caught by the preprocessor and
avoided. This commit avoids the possibility of a problem entirely.
2016-10-14 13:16:07 -07:00
Mark Adler
7d6956b6a1 Make globals in examples local to compilation unit. 2016-10-14 13:10:54 -07:00
Mark Adler
8b95fa19cd Add --warn option to ./configure, instead of environment variable. 2016-10-11 22:21:04 -07:00
Mark Adler
7096424f23 Clean up type conversions. 2016-10-11 22:15:50 -07:00
Mark Adler
2edb94a302 Avoid casting an out-of-range value to long. 2016-10-11 18:38:20 -07:00
Mark Adler
e08118c401 Note the violation of the strict aliasing rule in crc32.c.
See the comment for more details. This is in response to an issue
raised as a result of a security audit of the zlib code by Trail
of Bits and TrustInSoft, in support of the Mozilla Foundation.
2016-10-03 22:33:26 -07:00
Mark Adler
d1d577490c Avoid pre-decrement of pointer in big-endian CRC calculation.
There was a small optimization for PowerPCs to pre-increment a
pointer when accessing a word, instead of post-incrementing. This
required prefacing the loop with a decrement of the pointer,
possibly pointing before the object passed. This is not compliant
with the C standard, for which decrementing a pointer before its
allocated memory is undefined. When tested on a modern PowerPC
with a modern compiler, the optimization no longer has any effect.
Due to all that, and per the recommendation of a security audit of
the zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this "optimization" was removed, in order to
avoid the possibility of undefined behavior.
2016-09-28 20:48:38 -07:00
Mark Adler
6a043145ca Remove offset pointer optimization in inftrees.c.
inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.
2016-09-21 23:35:50 -07:00
Mark Adler
9aaec95e82 Use post-increment only in inffast.c.
An old inffast.c optimization turns out to not be optimal anymore
with modern compilers, and furthermore was not compliant with the
C standard, for which decrementing a pointer before its allocated
memory is undefined. Per the recommendation of a security audit of
the zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this "optimization" was removed, in order to
avoid the possibility of undefined behavior.
2016-09-21 22:51:15 -07:00
Mark Adler
3fb251b363 Remove dummy structure declarations for old buggy compilers.
While woolly mammoths still roamed the Earth and before Atlantis
sunk into the ocean, there were C compilers that could not handle
forward structure references, e.g. "struct name;". zlib dutifully
provided a work-around for such compilers. That work-around is no
longer needed, and, per the recommendation of a security audit of
the zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, should be removed since what a compiler will
do with this is technically undefined. From the report: "there is
no telling what interactions the bug could have in the future with
link-time optimizations and type-based alias analyses, both
features that are present (but not default) in clang."
2016-09-21 20:34:04 -07:00
Mark Adler
33a7aff45d Fix typo. 2016-09-21 08:45:59 -07:00
Mark Adler
9852c209ac Add option to not compute or check check values.
The undocumented (except in these commit comments) function
inflateValidate(strm, check) can be called after an inflateInit(),
inflateInit2(), or inflateReset2() with check equal to zero to
turn off the check value (CRC-32 or Adler-32) computation and
comparison. Calling with check not equal to zero turns checking
back on. This should only be called immediately after the init or
reset function. inflateReset() does not change the state, so a
previous inflateValidate() setting will remain in effect.

This also turns off validation of the gzip header CRC when
present.

This should only be used when a zlib or gzip stream has already
been checked, and repeated decompressions of the same stream no
longer need to be validated.
2016-09-20 18:55:37 -07:00
Mark Adler
93b0af4aa7 Correct the size of the inflate state in the comments. 2016-09-20 17:27:28 -07:00
Mark Adler
70a8763b71 Fix typo in blast.c. 2016-07-10 11:43:17 -07:00
Mark Adler
2bcfc31188 Add configure.log to .gitignore. 2016-06-17 19:36:10 -07:00
Mark Adler
4f1df003ed Loop on write() calls in gzwrite.c in case of non-blocking I/O. 2016-04-05 03:09:59 -07:00
Mark Adler
4423fef8dc Fix gzseek() problem on MinGW due to buggy _lseeki64 there. 2016-01-29 23:24:55 -08:00
Mark Adler
6cef1de740 Fix bug that accepted invalid zlib header when windowBits is zero.
When windowBits is zero, the size of the sliding window comes from
the zlib header.  The allowed values of the four-bit field are
0..7, but when windowBits is zero, values greater than 7 are
permitted and acted upon, resulting in large, mostly unused memory
allocations.  This fix rejects such invalid zlib headers.
2015-11-26 22:52:25 -08:00
Mark Adler
8f1b3744e5 Use a consistent and more modern approach to not use a parameter.
A remarkably creative and diverse set of approaches to letting the
compiler know that opaque was being used when it wasn't is changed
by this commit to the more standard (void)opaque.
2015-10-04 11:48:42 -07:00
Mark Adler
f77c982344 Use UTF-8 for non-ASCII characters in ChangeLog. 2015-09-16 15:40:00 -07:00
Mark Adler
44ae761dc2 Clean up portability for shifts and integer sizes. 2015-09-05 18:56:55 -07:00
Mark Adler
e54e129940 Avoid shifts of negative values in inflateMark().
The C standard says that bit shifts of negative integers are
undefined.  This casts to unsigned values to assure a known
result.
2015-09-05 17:45:55 -07:00
Mark Adler
27ef026603 Fix typo. 2015-08-15 18:14:50 -07:00
Mark Adler
82e9dc6093 Use const for static tree descriptions in deflate.
This is in order to permit shared memory for these structures.
2015-08-15 18:04:50 -07:00
Mark Adler
55d98b4c30 Allow building zlib outside of the source directory.
To build, simply run configure from the source directory by
specifying its path.  That path will be used to find the source
files.  The source directory will not be touched.  All new and
modified files will be made in the current directory.  Discovered
in the process that not all makes understand % or $<, and not all
compilers understand -include or -I-.  This required a larger
Makefile.in with explicit dependencies.
2015-08-02 21:35:50 -07:00
Mark Adler
bfcace04f9 Do not initialize unsigned with -1 in compress.c, uncompr.c.
Sun compiler complained.  Use (unsigned)0 - 1 instead.
2015-08-02 17:22:20 -07:00
Mark Adler
43bfaba3d7 Align deflateParams() and its documentation in zlib.h.
This updates the documentation to reflect the behavior of
deflateParams() when it is not able to compress all of the input
data provided so far due to insufficient output space.  It also
assures that data provided is compressed before the parameter
changes, even if at the beginning of the stream.
2015-08-02 00:06:28 -07:00
Mark Adler
b4ce6caf09 Compile the gzopen_w() function when __CYGWIN__ defined. 2015-08-01 17:38:56 -07:00
Mark Adler
2fc6d66797 Define _POSIX_SOURCE to enable POSIX extensions on some systems. 2015-07-28 23:32:35 -07:00
Mark Adler
5701f48cf5 Clarify deflateReset() documentation.
It previously could have been misinterpreted to mean that parameter
changes after deflateInit2() would be reversed, which is not the
case.
2015-07-28 23:19:50 -07:00
Mark Adler
c901a34c92 Avoid uninitialized access by gzclose_w(). 2015-07-28 23:13:53 -07:00
Mark Adler
51a223def4 Avoid use of DEBUG macro -- change to ZLIB_DEBUG. 2015-07-28 22:44:31 -07:00
Mark Adler
0b22337126 Avoid use of reallocf() in test/infcover.c. 2015-07-28 21:55:09 -07:00
Mark Adler
0db8fd3714 Fix inflateInit2() bug when windowBits is 16 or 32.
A windowBits value of 0, 16, or 32 gets the window bits from the
zlib header.  However there is no zlib header for 16, or for 32
when the input is gzip.  This commit sets the window bits for
inflate to 15 if a gzip stream is detected and windowBits was 16
or 32.
2015-07-28 21:41:20 -07:00
Mark Adler
b56d1c62ee Add comment about not using windowBits of 8 for deflate(). 2015-07-28 21:06:06 -07:00
Mark Adler
e7ebb399d7 Put license in zlib.3 man page.
Previously there was a confusing reference to a "distribution
directory".
2015-07-07 20:11:01 -07:00
Mark Adler
95698093f0 Improve speed of gzprintf() in transparent mode. 2015-07-05 18:14:53 -07:00
Mark Adler
8a979f6c79 Avoid left shift of a negative value in flush rank calculation.
The C standard permits an undefined result for a left shift of a
negative value.
2015-07-05 13:51:50 -07:00
Mark Adler
9859a94c10 Remedy Coverity warning. [Randers-Pehrson] 2015-01-26 21:42:42 -08:00
Mark Adler
5370d99a2a Add inflateCodesUsed() function for internal use. 2014-12-29 00:18:42 -08:00
Mark Adler
283520baf7 Fix bug in test/example.c where error code not saved. 2014-07-02 16:34:22 -07:00
Mark Adler
9cbda797c1 Note in zlib.h that compress() uses Z_DEFAULT_COMPRESSION. 2014-04-26 08:12:37 -07:00
Mark Adler
7d54c69413 Fix uncompress() to work on lengths more than a maximum unsigned. 2014-04-26 08:08:25 -07:00
Mark Adler
f898bbed89 Fix compress() to work on lengths more than a maximum unsigned. 2014-04-26 08:08:12 -07:00
Mark Adler
72c70060d8 Assure that gzoffset() is correct when appending.
An open() with O_APPEND followed by an lseek() to determine the
position will return zero for a non-empty file, even though the
next write will start at the end of the file.  This commit works
around that by doing an lseek() to the end when appending.
2014-04-24 19:45:36 -04:00