inftrees.c compared the number of used table entries to the maximum
allowed value using >= instead of >. This patch fixes those to use
>. The bug was discovered by Ignat Kolesnichenko of Yandex LC
where they have run petabytes of data through zlib. Triggering the
bug is apparently very rare, seeing as how it has been out there in
the wild for almost three years before being discovered. The bug
is instantiated only if the exact maximum number of decoding table
entries, ENOUGH_DISTS or ENOUGH_LENS is used by the block being
decoded, resulting in the false positive of overflowing the table.
If the deflateInit2() called for the first gzwrite() failed with a
Z_MEM_ERROR, then a subsequent gzclose() would try to free an
already freed pointer. This fixes that.
A gzopen() to write (mode "w") followed immediately by a gzclose()
would output an empty zero-length file. What it should do is write
an empty gzip file, with the gzip header, empty deflate content,
and gzip trailer totalling 20 bytes. This fixes it to do that.
Avoid the use of an uninitialized value when the write buffers have
not been initialized. A recent change to avoid the use of strm->
next_in in order to resolve some const conflicts added the use of
state->in in its place. This patch avoids the use of state->in
when it is not initialized. Nothing bad would actually happen,
since two variables set to the same unintialized value are
subtracted. However valgrind was rightly complaining. So this
fixes that.
Also clean up comparisons between different types, and some odd
indentation problems that showed up somehow.
A new endless loop was introduced by the clang compiler, which
apparently does odd things when the right operand of << is equal to
or greater than the number of bits in the type. The C standard in
fact states that the behavior of << is undefined in that case. The
loop was rewritten to use single-bit shifts.
This patch allows zlib to compile cleanly with the -Wcast-qual gcc
warning enabled, but only if ZLIB_CONST is defined, which adds
const to next_in and msg in z_stream and in the in_func prototype.
A --const option is added to ./configure which adds -DZLIB_CONST
to the compile flags, and adds -Wcast-qual to the compile flags
when ZLIBGCCWARN is set in the environment.
There were two problems before that this fixes. One was that the
check for the compiler error return code preceded the determination
of the compiler and its options. The other was that the checks
for compiler and library characteristics could be fooled if the
error options were set to reject K&R-style C. configure now aborts
if the compiler produces a hard error on K&R-style C.
In addition, aborts of configure are now consistent, and remove
any temporary files.
The original change was to always use /usr/bin/libtool on Darwin,
in order to avoid using a GNU libtool installed by the user in the
path ahead of Apple's libtool. However someone might install a
more recent Apple libtool ahead of /usr/bin/libtool. This commit
checks to see if libtool is Apple, and uses /usr/bin/libtool if it
isn't.
More than a decade later, Microsoft C does not support the C99
standard. It's good that _snprintf has a different name, since it
does not guarantee that the result is null terminated, as does
snprintf. However where _snprintf is used under Microsoft C, the
destination string is assured to be long enough, so this will not
be a problem. This occurs in two places, both in gzlib.c. Where
sprintf functionality is needed by gzprintf, vsnprintf is used in
the case of Microsoft C.
This avoids warnings in OpenBSD that apparently can't be turned
off whenever you link strcpy, strcat, or sprintf. When snprintf
isn't available, the use of the "unsafe" string functions has
always in fact been safe, since the lengths are all checked before
those functions are called.
We do not use strlcpy or strlcat, since they are not (yet) found on
all systems. snprintf on the other hand is part of the C standard
library and is very common.
Mark Adler