author | cperciva <cperciva@FreeBSD.org> | 2005-07-06 14:00:52 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2005-07-06 14:00:52 +0000 |
commit | d0d10216310971a993ad53165ee8e5e4244c5a36 (patch) | |
tree | b2e43cd1c949886055cf9e016eabc00f76b25d3b /lib/libz | |
parent | 636341c188456598bd26ba332694534e3d968d94 (diff) | |
Correct a buffer overflow which occurred in the handling of some
particularly corrupt deflated data streams.
Security: FreeBSD-SA-05:16.zlib
Approved by: re (security blanket)
Diffstat (limited to 'lib/libz')
-rw-r--r-- | lib/libz/inftrees.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libz/inftrees.c b/lib/libz/inftrees.c
index 8a896b2..509461d 100644
--- a/lib/libz/inftrees.c
+++ b/lib/libz/inftrees.c
@@ -134,7 +134,7 @@ unsigned short FAR *work;
 left -= count[len];
 if (left < 0) return -1; /* over-subscribed */
 }
- if (left > 0 && (type == CODES || (codes - count[0] != 1)))
+ if (left > 0 && (type == CODES || max != 1))
 return -1; /* incomplete set */

 /* generate offsets into symbol table for each length for sorting */ |
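Review bot: The rewritten `if (left > 0 && ...)` test now depends on `max`, which is assigned outside this hunk, and the trailing `/* incomplete set */` comment does not say which incomplete sets are still let through. A comment above the check would make the security-relevant rule explicit, for example `/* an incomplete set is accepted only when the longest code is one bit (max == 1), and never for the CODES table */`. Assuming `max` holds the longest code length in use, the old `codes - count[0] != 1` test accepted a lone code of any length, which would fit the corrupt streams named in FreeBSD-SA-05:16.zlib. A regression test that feeds an incomplete set whose only code is longer than one bit and expects -1 would pin this down. The enclosing function starts and ends outside the hunk, so it is worth confirming that `max` is always set before this line is reached.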