author | Florian Mayer <fmayer@google.com> | 2022-03-23 23:16:54 +0000 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2022-03-23 16:29:14 -0700 |
commit | cb89dc607cd4b85d98867f14216c3370109be64d (patch) | |
tree | 114db5ff1988a64fcf9b4cec3a1b686666a7ffbf | |
parent | 16b8c02648faf08794ed0048c0fb1427909e9a46 (diff) | |
download | zlib-cb89dc607cd4b85d98867f14216c3370109be64d.tar.gz |
Fix out-of-bounds in infcover tests.
Upstream zlib pull request: https://github.com/madler/zlib/pull/602
Bug: 225069280
Change-Id: I548a836096323053af225083916893b851532980
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3546708
Reviewed-by: Noel Gordon <noel@chromium.org>
Commit-Queue: Noel Gordon <noel@chromium.org>
Cr-Commit-Position: refs/heads/main@{#984579}
NOKEYCHECK=True
GitOrigin-RevId: afa134512eec0ab985c64bc39e39b0bb5212f8f6
-rw-r--r-- | contrib/tests/infcover.cc | 4 | ||||
-rw-r--r-- | patches/0009-infcover-oob.patch | 24 |
2 files changed, 27 insertions, 1 deletions
diff --git a/contrib/tests/infcover.cc b/contrib/tests/infcover.cc
index c5300a5..16dd744 100644
--- a/contrib/tests/infcover.cc
+++ b/contrib/tests/infcover.cc
@@ -395,7 +395,9 @@ void cover_support(void)
 mem_setup(&strm);
 strm.avail_in = 0;
 strm.next_in = Z_NULL;
- ret = inflateInit_(&strm, ZLIB_VERSION - 1, (int)sizeof(z_stream));
+ char versioncpy[] = ZLIB_VERSION;
+ versioncpy[0] -= 1;
+ ret = inflateInit_(&strm, versioncpy, (int)sizeof(z_stream));
 assert(ret == Z_VERSION_ERROR);
 mem_done(&strm, "wrong version");
diff --git a/patches/0009-infcover-oob.patch b/patches/0009-infcover-oob.patch
new file mode 100644
index 0000000..648360f
--- /dev/null
+++ b/patches/0009-infcover-oob.patch
@@ -0,0 +1,24 @@
+From 75690b2683667be5535ac6243438115dc9c40f6a Mon Sep 17 00:00:00 2001
+From: Florian Mayer <fmayer@google.com>
+Date: Wed, 16 Mar 2022 16:38:36 -0700
+Subject: [PATCH] Fix out of bounds in infcover.c.
+
+---
+ test/infcover.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/test/infcover.c b/test/infcover.c
+index 2be01646c..a6d83693c 100644
+--- a/test/infcover.c
++++ b/test/infcover.c
+@@ -373,7 +373,9 @@ local void cover_support(void)
+ mem_setup(&strm);
+ strm.avail_in = 0;
+ strm.next_in = Z_NULL;
+- ret = inflateInit_(&strm, ZLIB_VERSION - 1, (int)sizeof(z_stream));
++ char versioncpy[] = ZLIB_VERSION;
++ versioncpy[0] -= 1;
++ ret = inflateInit_(&strm, versioncpy, (int)sizeof(z_stream));
+ assert(ret == Z_VERSION_ERROR);
+ mem_done(&strm, "wrong version");
+ |
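Review bot: The three added lines in cover_support() carry no comment saying why the version string is copied and altered, so a later cleanup could restore the shorter `ZLIB_VERSION - 1`, which forms a pointer before the start of the string literal that inflateInit_ then reads out of bounds. A comment such as `/* pass a version whose first character differs; ZLIB_VERSION - 1 would point before the literal */` above `char versioncpy[] = ZLIB_VERSION;` would record that. The same lines are mirrored into test/infcover.c by patches/0009-infcover-oob.patch, where the declaration follows statements; that compiles as C99 or C++ but presumably not under a strict C89 build, so if upstream needs C89 the declaration would have to move to the top of the block. cover_support() begins and ends outside the hunk.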