fix infinite loop in got-index-pack for pack files >= 4GB in size Because of a missing range check our zlib wrapper would end up calling zlib over and over with zero bytes of input. Problem reported by semarie and naddy. Fixed with help from millert@. ok millert naddy
diff --git a/lib/deflate.c b/lib/deflate.c
index 6a151f9..3c97a77 100644
--- a/lib/deflate.c
+++ b/lib/deflate.c
@@ -153,7 +153,10 @@ got_deflate_read_mmap(struct got_deflate_buf *zb, uint8_t *map, size_t offset,
size_t last_total_in = z->total_in;
if (z->avail_in == 0) {
z->next_in = map + offset + *consumed;
- z->avail_in = len - *consumed;
+ if (len - *consumed > UINT_MAX)
+ z->avail_in = UINT_MAX;
+ else
+ z->avail_in = len - *consumed;
if (z->avail_in == 0) {
/* EOF */
ret = deflate(z, Z_FINISH);
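Review bot: The added clamp still computes `len - *consumed` as an unsigned subtraction, so it depends on `*consumed <= len`, which this hunk does not show being checked. If that invariant ever failed, the wrapped difference would exceed UINT_MAX and zlib would be given a full UINT_MAX-byte window starting past the range described by `offset` and `len`, where the old code passed a truncated value. Since got-index-pack parses pack files that may come from an untrusted peer, an explicit guard ahead of the assignment, such as `if (*consumed > len)` returning an error, would make the bound visible. A short comment would also help the next reader, for example `/* z->avail_in is zlib's uInt (unsigned int); feed at most UINT_MAX bytes per call */`. Both points apply equally to the matching hunk in lib/inflate.c, and both function bodies continue outside the hunks.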
diff --git a/lib/inflate.c b/lib/inflate.c
index b042614..83651a5 100644
--- a/lib/inflate.c
+++ b/lib/inflate.c
@@ -249,7 +249,10 @@ got_inflate_read_mmap(struct got_inflate_buf *zb, uint8_t *map, size_t offset,
break;
}
z->next_in = map + offset + *consumed;
- z->avail_in = len - *consumed;
+ if (len - *consumed > UINT_MAX)
+ z->avail_in = UINT_MAX;
+ else
+ z->avail_in = len - *consumed;
}
if (zb->csum) {
csum_in = z->next_in;