[master] f666571b4 Cherry-pick (f7d01aae6ec611) from madler/zlib:
Poul-Henning Kamp
phk at FreeBSD.org
Mon Sep 23 13:45:05 UTC 2024
commit f666571b46f8ec66b92a272dd0f9f4f9724f885f
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Mon Sep 23 13:33:05 2024 +0000
Cherry-pick (f7d01aae6ec611) from madler/zlib:
Avoid out-of-bounds pointer arithmetic in inflateCopy().
Though it does not matter for code correctness, clang's UBSan
injects code that complains about computing a pointer from an array
where the result is out-of-bounds for that array, even though the
pointer is never dereferenced. Go figure. This commit avoids that
possibility when computing distcode in inflateCopy().
diff --git a/lib/libvgz/inflate.c b/lib/libvgz/inflate.c
index 5c7494f47..b9545e918 100644
--- a/lib/libvgz/inflate.c
+++ b/lib/libvgz/inflate.c
@@ -933,7 +933,7 @@ int ZEXPORT inflate(z_streamp strm, int flush) {
while (state->have < 19)
state->lens[order[state->have++]] = 0;
state->next = state->codes;
- state->lencode = (const code FAR *)(state->next);
+ state->lencode = state->distcode = (const code FAR *)(state->next);
state->lenbits = 7;
ret = inflate_table(CODES, state->lens, 19, &(state->next),
&(state->lenbits), state->work);
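Review bot: The chained assignment on the `state->lencode = state->distcode = (const code FAR *)(state->next);` line carries no comment explaining why distcode is set here. The hunk is in inflate(), while the commit message locates the problem in inflateCopy(), and the surrounding lines only deal with lenbits and the CODES table. Without a comment the extra store reads as redundant and could be dropped in a later cleanup, which would bring the UBSan report back. Suggest a one-line comment above the assignment saying that distcode is pointed at state->codes (via state->next) so that the distcode computation in inflateCopy() always starts from a pointer inside that array.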