[6.0] 9b6130f76 Cherry-pick (f7d01aae6ec611) from madler/zlib:
Walid Boudebouda
walid.boudebouda at gmail.com
Wed Dec 10 15:43:07 UTC 2025
commit 9b6130f76caf21d1fd5dc41f6090104bdf89841a
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Mon Sep 23 13:33:05 2024 +0000
Cherry-pick (f7d01aae6ec611) from madler/zlib:
Avoid out-of-bounds pointer arithmetic in inflateCopy().
Though it does not matter for code correctness, clang's UBSan
injects code that complains about computing a pointer from an array
where the result is out-of-bounds for that array, even though the
pointer is never dereferenced. Go figure. This commit avoids that
possibility when computing distcode in inflateCopy().
diff --git a/lib/libvgz/inflate.c b/lib/libvgz/inflate.c
index 5c7494f47..b9545e918 100644
--- a/lib/libvgz/inflate.c
+++ b/lib/libvgz/inflate.c
@@ -933,7 +933,7 @@ int ZEXPORT inflate(z_streamp strm, int flush) {
while (state->have < 19)
state->lens[order[state->have++]] = 0;
state->next = state->codes;
- state->lencode = (const code FAR *)(state->next);
+ state->lencode = state->distcode = (const code FAR *)(state->next);
state->lenbits = 7;
ret = inflate_table(CODES, state->lens, 19, &(state->next),
&(state->lenbits), state->work);
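Review bot: The chained assignment on the added line sets state->distcode inside inflate() with no comment explaining why, while the commit message locates the problem in inflateCopy(). Read in isolation, pointing distcode at the same table as lencode just before the inflate_table(CODES, ...) call looks like a mistake. Suggest a one-line comment above the assignment stating that distcode is given an in-bounds value here so that inflateCopy() never computes a pointer outside the array, and consider splitting the chained assignment into two statements so the intent stays visible in later diffs.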