Commit 5eddcd6036f58003c938979c222ae67c455f38df

Stefan Sperling 2020-03-18T16:13:42

fix endless loop from 9c2cfea6 if decompressed data exceeds buffer size

diff --git a/lib/inflate.c b/lib/inflate.c
index 75d3b40..adb65f7 100644
--- a/lib/inflate.c
+++ b/lib/inflate.c
@@ -287,9 +287,9 @@ got_inflate_to_mem(uint8_t **outbuf, size_t *outlen,
 		if (consumed_total)
 			*consumed_total += consumed;
 		if (zb.flags & GOT_INFLATE_F_HAVE_MORE) {
-			zb.outlen = (nbuf * GOT_INFLATE_BUFSIZE) - *outlen;
 			if (outbuf == NULL)
 				continue;
+			zb.outlen = (nbuf * GOT_INFLATE_BUFSIZE) - *outlen;
 			newbuf = reallocarray(*outbuf, ++nbuf,
 			   GOT_INFLATE_BUFSIZE);
 			if (newbuf == NULL) {
@@ -343,9 +343,9 @@ got_inflate_to_mem_fd(uint8_t **outbuf, size_t *outlen,
 		if (consumed_total)
 			*consumed_total += consumed;
 		if (zb.flags & GOT_INFLATE_F_HAVE_MORE) {
-			zb.outlen = (nbuf * GOT_INFLATE_BUFSIZE) - *outlen;
 			if (outbuf == NULL)
 				continue;
+			zb.outlen = (nbuf * GOT_INFLATE_BUFSIZE) - *outlen;
 			newbuf = reallocarray(*outbuf, ++nbuf,
 			    GOT_INFLATE_BUFSIZE);
 			if (newbuf == NULL) {