gzip/backport-gzip-detect-invalid-input.patch

From 63814d71ed81baec6f8b55513b561e045b160fa2 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@trombone>
Date: Tue, 28 Jun 2022 22:30:08 -0500
Subject: [PATCH 1/2] gzip: detect invalid input

Conflict: Context adapt: Tracevv((stderr,"\\[%d,%d]", w-d, n));
Reference: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=4b58eee79d3af3647adb4c78938d83970e788975

Problem reported by Young Mo Kang and fix from Mark Adler (Bug#56247).
* inflate.c: Include stdbool.h.
(fresh): New static var.
* inflate.c (flush_output): Clear it.
(inflate): Set it.
(inflate_codes): Fail if the offset is outside a fresh input window.
---
 inflate.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/inflate.c b/inflate.c
index f54eb65..d5b8c44 100644
--- a/inflate.c
+++ b/inflate.c
@@ -117,6 +117,7 @@
 
 #include <config.h>
 
+#include <stdbool.h>
 #include <stdlib.h>
 
 #include "tailor.h"
@@ -153,8 +154,9 @@ static int huft_free (struct huft *);
    "uch *slide;" and then malloc'ed in the latter case.  The definition
    must be in unzip.h, included above. */
 /* unsigned wp;             current position in slide */
+static bool fresh;
 #define wp outcnt
-#define flush_output(w) (wp=(w),flush_window())
+#define flush_output(w) (fresh = false, wp = (w), flush_window ())
 
 /* Tables for deflate from PKZIP's appnote.txt. */
 static unsigned border[] = {    /* Order of the bit length code lengths */
@@ -572,6 +574,8 @@ inflate_codes(struct huft *tl, struct huft *td, int bl, int bd)
       NEEDBITS(e)
       d = w - t->v.n - ((unsigned)b & mask_bits[e]);
       DUMPBITS(e)
+      if (fresh && w <= d)
+	return 1;
       Tracevv((stderr,"\\[%d,%d]", w-d, n));
 
       /* do the copy */
@@ -954,6 +958,7 @@ inflate(void)
   wp = 0;
   bk = 0;
   bb = 0;
+  fresh = true;
 
 
   /* decompress until the last block */
-- 
2.27.0
backport bugfix patch: detect invalid input Signed-off-by: Lv Ying <lvying6@huawei.com> 2022-07-28 01:01:27 -07:00			`From 63814d71ed81baec6f8b55513b561e045b160fa2 Mon Sep 17 00:00:00 2001`
			`From: Paul Eggert <eggert@trombone>`
			`Date: Tue, 28 Jun 2022 22:30:08 -0500`
			`Subject: [PATCH 1/2] gzip: detect invalid input`

			`Conflict: Context adapt: Tracevv((stderr,"\\[%d,%d]", w-d, n));`
			`Reference: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=4b58eee79d3af3647adb4c78938d83970e788975`

			`Problem reported by Young Mo Kang and fix from Mark Adler (Bug#56247).`
			`* inflate.c: Include stdbool.h.`
			`(fresh): New static var.`
			`* inflate.c (flush_output): Clear it.`
			`(inflate): Set it.`
			`(inflate_codes): Fail if the offset is outside a fresh input window.`
			`---`
			`inflate.c \| 7 ++++++-`
			`1 file changed, 6 insertions(+), 1 deletion(-)`

			`diff --git a/inflate.c b/inflate.c`
			`index f54eb65..d5b8c44 100644`
			`--- a/inflate.c`
			`+++ b/inflate.c`
			`@@ -117,6 +117,7 @@`

			`#include <config.h>`

			`+#include <stdbool.h>`
			`#include <stdlib.h>`

			`#include "tailor.h"`
			`@@ -153,8 +154,9 @@ static int huft_free (struct huft *);`
			`"uch *slide;" and then malloc'ed in the latter case. The definition`
			`must be in unzip.h, included above. */`
			`/* unsigned wp; current position in slide */`
			`+static bool fresh;`
			`#define wp outcnt`
			`-#define flush_output(w) (wp=(w),flush_window())`
			`+#define flush_output(w) (fresh = false, wp = (w), flush_window ())`

			`/* Tables for deflate from PKZIP's appnote.txt. */`
			`static unsigned border[] = { /* Order of the bit length code lengths */`
			`@@ -572,6 +574,8 @@ inflate_codes(struct huft tl, struct huft td, int bl, int bd)`
			`NEEDBITS(e)`
			`d = w - t->v.n - ((unsigned)b & mask_bits[e]);`
			`DUMPBITS(e)`
			`+ if (fresh && w <= d)`
			`+ return 1;`
			`Tracevv((stderr,"\\[%d,%d]", w-d, n));`

			`/* do the copy */`
			`@@ -954,6 +958,7 @@ inflate(void)`
			`wp = 0;`
			`bk = 0;`
			`bb = 0;`
			`+ fresh = true;`


			`/* decompress until the last block */`
			`--`
			`2.27.0`