Prevent undefined behavior in decode_length

This commit is contained in:
Matt Rudary 2016-11-11 11:12:43 -05:00
parent 2b75aff32e
commit 5a81f2441f
2 changed files with 6 additions and 0 deletions

View File

@ -32,6 +32,7 @@ Etienne Cimon
Fabian Möller
Fabian Wiesel
Gabi Davar
Google Inc.
Jacob Champion
Jan-E
Janusz Dziemidowicz

View File

@ -864,6 +864,11 @@ static ssize_t decode_length(uint32_t *res, size_t *shift_ptr, int *fin,
for (; in != last; ++in, shift += 7) {
uint32_t add = *in & 0x7f;
if (shift >= 32) {
DEBUGF("inflate: shift exponent overflow\n");
return -1;
}
if ((UINT32_MAX >> shift) < add) {
DEBUGF("inflate: integer overflow on shift\n");
return -1;