Undetected zlib error "invalid distance too far back" #14
Comments
|
Nevermind the suggested fix. It just causes false errors. But the issue of undetected corruption is a seriuos concern, still. |
|
It is helpful if there exits a test to reproduce that reported problem. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
JZLib 1.1.3 currently fails to detect the zlib error "invalid distance too far back", which can lead to corrupt results when inflating, without throwing an exception. This specifically seems to happen with Inflaters created with a "nowrap == true" paramterer that also require a custom dictionary.
The bug seems to result from an ommited distance check in the method "inflate_fast" in the class "InfCodes.java". The pertinent code currently reads:
...
// copy all or what's left
if(q-r>0 && c>(q-r)){
do{
s.window[q++] = s.window[r++];
}
while(--c!=0);
}
else {
System.arraycopy(s.window, r, s.window, q, c);
q += c;
r +=c;
c=0;
}
break;
...
Changing this code to something like the following seems to fix the issue:
...
// copy all or what's left
if(q-r>0 && c>(q-r)){
do{
s.window[q++] = s.window[r++];
}
while(--c!=0);
}
else {
if (q - r < 0) {
mode = BADCODE;
z.msg = "invalid distance too far back";
return Z_DATA_ERROR;
}
System.arraycopy(s.window, r, s.window, q, c);
q += c;
r +=c;
c=0;
}
break;
...
The text was updated successfully, but these errors were encountered: