[master] f666571b4 Cherry-pick (f7d01aae6ec611) from madler/zlib:

Poul-Henning Kamp phk at FreeBSD.org
Mon Sep 23 13:45:05 UTC 2024


commit f666571b46f8ec66b92a272dd0f9f4f9724f885f
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Mon Sep 23 13:33:05 2024 +0000

    Cherry-pick (f7d01aae6ec611) from madler/zlib:
    
        Avoid out-of-bounds pointer arithmetic in inflateCopy().
    
        Though it does not matter for code correctness, clang's UBSan
        injects code that complains about computing a pointer from an array
        where the result is out-of-bounds for that array, even though the
        pointer is never dereferenced. Go figure. This commit avoids that
        possibility when computing distcode in inflateCopy().

diff --git a/lib/libvgz/inflate.c b/lib/libvgz/inflate.c
index 5c7494f47..b9545e918 100644
--- a/lib/libvgz/inflate.c
+++ b/lib/libvgz/inflate.c
@@ -933,7 +933,7 @@ int ZEXPORT inflate(z_streamp strm, int flush) {
             while (state->have < 19)
                 state->lens[order[state->have++]] = 0;
             state->next = state->codes;
-            state->lencode = (const code FAR *)(state->next);
+            state->lencode = state->distcode = (const code FAR *)(state->next);
             state->lenbits = 7;
             ret = inflate_table(CODES, state->lens, 19, &(state->next),
                                 &(state->lenbits), state->work);
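
Review bot: The added `state->distcode` store on the `state->lencode = state->distcode = (const code FAR *)(state->next);` line carries no comment, and its purpose is only recoverable from the commit message, which talks about inflateCopy() while this hunk sits in inflate(). Nothing in the visible context reads distcode, so the chained assignment looks like a dead store and is a likely candidate for a later cleanup. I'd add a short comment above it saying that distcode is pointed at state->codes here (state->next was just set to state->codes) so that it stays within that array when inflateCopy() computes its own distcode, per the upstream message.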

