Assure that inflatePrime() can't shift a 32-bit integer by 32 bits.

The inflate() functions never leave state->bits greater than 24, so an inflatePrime() call could not cause this. The only way this could have happened would be by using inflatePrime() to fill the bit buffer with 32 bits, and then calling inflatePrime() a *second* time asking to insert zero bits, for some reason. This commit assures that a shift by 32 bits does not occur even in that case.
author: Mark Adler <madler@alumni.caltech.edu> 2023-02-17 00:06:32 -0800
committer: Mark Adler <madler@alumni.caltech.edu> 2023-02-17 00:06:32 -0800
commit: 12b345c4309b37ab905e7e702021c1c2d2c095cc (patch)
tree: a05fba37e155d16fced4e198644ec624791412ed
parent: fa8cd50ada68b873c754766bc73b12080b7b309e (diff)
download: zlib-12b345c4309b37ab905e7e702021c1c2d2c095cc.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/inflate.c b/inflate.c
index 8acbef4..ef60267 100644
--- a/inflate.c
+++ b/inflate.c
@@ -255,6 +255,8 @@ int value;
     struct inflate_state FAR *state;
 
     if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    if (bits == 0)
+        return Z_OK;
     state = (struct inflate_state FAR *)strm->state;
     if (bits < 0) {
         state->hold = 0;
author	Mark Adler <madler@alumni.caltech.edu>	2023-02-17 00:06:32 -0800
committer	Mark Adler <madler@alumni.caltech.edu>	2023-02-17 00:06:32 -0800
commit	12b345c4309b37ab905e7e702021c1c2d2c095cc (patch)
tree	a05fba37e155d16fced4e198644ec624791412ed
parent	fa8cd50ada68b873c754766bc73b12080b7b309e (diff)
download	zlib-12b345c4309b37ab905e7e702021c1c2d2c095cc.tar.gz