      1 Index: gnu/usr.bin/gzip/gzip.h
      2 ===================================================================
      3 RCS file: /home/ncvs/src/gnu/usr.bin/gzip/gzip.h,v
      4 retrieving revision 1.4
      5 diff -u -d -r1.4 gzip.h
      6 --- gnu/usr.bin/gzip/gzip.h	2 May 2004 23:07:49 -0000	1.4
      7 +++ gnu/usr.bin/gzip/gzip.h	17 Sep 2006 10:58:37 -0000
      8 @@ -202,6 +202,8 @@
      9  extern int to_stdout;      /* output to stdout (-c) */
     10  extern int save_orig_name; /* set if original name must be saved */
     11  
     12 +#define MIN(a,b) ((a) <= (b) ? (a) : (b))
     13 +
     14  #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
     15  #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
     16  
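Review bot: The `MIN` macro added here evaluates the argument it returns twice, and the warning that documents this, `/* The arguments must not have side effects. */`, is left behind in unpack.c when a later hunk of this patch removes the definition it sat under. Move the warning to the new definition, for example `#define MIN(a,b) ((a) <= (b) ? (a) : (b)) /* arguments must not have side effects */`. The uses added in unlzh.c pass side-effect-free expressions, so this is a documentation point only.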
     17 Index: gnu/usr.bin/gzip/inflate.c
     18 ===================================================================
     19 RCS file: /home/ncvs/src/gnu/usr.bin/gzip/inflate.c,v
     20 retrieving revision 1.9
     21 diff -u -d -r1.9 inflate.c
     22 --- gnu/usr.bin/gzip/inflate.c	13 Aug 2004 05:38:44 -0000	1.9
     23 +++ gnu/usr.bin/gzip/inflate.c	17 Sep 2006 10:58:37 -0000
     24 @@ -316,7 +316,7 @@
     25    {
     26      *t = (struct huft *)NULL;
     27      *m = 0;
     28 -    return 0;
     29 +    return 2;
     30    }
     31  
     32  
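Review bot: The new `return 2;` is a bare status code in a branch that previously reported success, and nothing in the hunk says why it is now an error. The function and its callers are outside the hunk, so it cannot be confirmed here that every caller treats 2 as a fatal bad-table result. It also cannot be confirmed that a block with no distance codes at all, which the deflate format permits for literal-only data, is still accepted. A comment such as `/* empty code set: reject as bad input instead of handing back a NULL table */` would record the intent, and a regression test with a literal-only stream would catch over-rejection.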
     33 Index: gnu/usr.bin/gzip/unlzh.c
     34 ===================================================================
     35 RCS file: /home/ncvs/src/gnu/usr.bin/gzip/unlzh.c,v
     36 retrieving revision 1.5
     37 diff -u -d -r1.5 unlzh.c
     38 --- gnu/usr.bin/gzip/unlzh.c	27 Aug 1999 23:35:53 -0000	1.5
     39 +++ gnu/usr.bin/gzip/unlzh.c	17 Sep 2006 10:58:37 -0000
     40 @@ -148,13 +148,17 @@
     41      unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
     42  
     43      for (i = 1; i <= 16; i++) count[i] = 0;
     44 -    for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
     45 +    for (i = 0; i < (unsigned)nchar; i++) {
     46 +        if (bitlen[i] > 16)
     47 +        error("Bad table (case a)\n");
     48 +        else count[bitlen[i]]++;
     49 +    }
     50  
     51      start[1] = 0;
     52      for (i = 1; i <= 16; i++)
     53  	start[i + 1] = start[i] + (count[i] << (16 - i));
     54 -    if ((start[17] & 0xffff) != 0)
     55 -	error("Bad table\n");
     56 +    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
     57 +	error("Bad table (case b)\n");
     58  
     59      jutbits = 16 - tablebits;
     60      for (i = 1; i <= (unsigned)tablebits; i++) {
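Review bot: The added length check in the counting loop is laid out so that `error("Bad table (case a)\n");` sits at the same indent as its `if`, with the `else` and its statement sharing a line, which makes a bounds guard easy to misread or break in a later edit. Brace both arms: `if (bitlen[i] > 16) { error("Bad table (case a)\n"); } else { count[bitlen[i]]++; }`. The `tablebits > 16` test validates an argument rather than the table contents, so it would read more clearly as its own check ahead of the loops than appended to the `start[17]` condition. The function continues outside the hunk.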
     61 @@ -168,15 +172,15 @@
     62  
     63      i = start[tablebits + 1] >> jutbits;
     64      if (i != 0) {
     65 -	k = 1 << tablebits;
     66 -	while (i != k) table[i++] = 0;
     67 +	k = MIN(1 << tablebits, DIST_BUFSIZE);
     68 +	while (i < k) table[i++] = 0;
     69      }
     70  
     71      avail = nchar;
     72      mask = (unsigned) 1 << (15 - tablebits);
     73      for (ch = 0; ch < (unsigned)nchar; ch++) {
     74  	if ((len = bitlen[ch]) == 0) continue;
     75 -	nextcode = start[len] + weight[len];
     76 +	nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
     77  	if (len <= (unsigned)tablebits) {
     78  	    for (i = start[len]; i < nextcode; i++) table[i] = ch;
     79  	} else {
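Review bot: Both new clamps bound the write index by the constant `DIST_BUFSIZE`, not by the size of the `table` argument that is actually written. The old fill loop ran to `1 << tablebits`, which suggests that is the table's real length. If any caller (outside the hunk) passes a table smaller than `DIST_BUFSIZE`, `for (i = start[len]; i < nextcode; i++) table[i] = ch;` can still run past its end. Rejecting is tighter than clamping: in the `len <= tablebits` arm, `if (nextcode > (unsigned)1 << tablebits) error("Bad table\n");`. The function body starts and ends outside the hunk.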
     80 @@ -217,7 +221,7 @@
     81  	for (i = 0; i < 256; i++) pt_table[i] = c;
     82      } else {
     83  	i = 0;
     84 -	while (i < n) {
     85 +	while (i < MIN(n,NPT)) {
     86  	    c = bitbuf >> (BITBUFSIZ - 3);
     87  	    if (c == 7) {
     88  		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
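Review bot: `while (i < MIN(n,NPT))` silently truncates an over-long count instead of rejecting it, so a stream whose `n` (set outside the hunk) exceeds the table keeps decoding with the remaining length codes unread and the bit position out of step. Other checks in this patch call `error("Bad table ...")` on malformed input. Doing the same here, `if (n > NPT) error("Bad table\n");` before the loop, fails closed and avoids re-evaluating `MIN` on every iteration. The same applies to `while (i < MIN(n,NC))` in the `@@ -247,7` hunk and to the `&& i < NPT` and `&& i < NC` guards on the zero-run loops. The enclosing function starts and ends outside the hunk.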
     89 @@ -227,7 +231,7 @@
     90  	    pt_len[i++] = c;
     91  	    if (i == i_special) {
     92  		c = getbits(2);
     93 -		while (--c >= 0) pt_len[i++] = 0;
     94 +		while (--c >= 0 && i < NPT) pt_len[i++] = 0;
     95  	    }
     96  	}
     97  	while (i < nn) pt_len[i++] = 0;
     98 @@ -247,7 +251,7 @@
     99  	for (i = 0; i < 4096; i++) c_table[i] = c;
    100      } else {
    101  	i = 0;
    102 -	while (i < n) {
    103 +	while (i < MIN(n,NC)) {
    104  	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
    105  	    if (c >= NT) {
    106  		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
    107 @@ -255,14 +259,14 @@
    108  		    if (bitbuf & mask) c = right[c];
    109  		    else               c = left [c];
    110  		    mask >>= 1;
    111 -		} while (c >= NT);
    112 +		} while (c >= NT && (mask || c != left[c]));
    113  	    }
    114  	    fillbuf((int) pt_len[c]);
    115  	    if (c <= 2) {
    116  		if      (c == 0) c = 1;
    117  		else if (c == 1) c = getbits(4) + 3;
    118  		else             c = getbits(CBIT) + 20;
    119 -		while (--c >= 0) c_len[i++] = 0;
    120 +		while (--c >= 0 && i < NC) c_len[i++] = 0;
    121  	    } else c_len[i++] = c - 2;
    122  	}
    123  	while (i < NC) c_len[i++] = 0;
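Review bot: The new exit condition `(mask || c != left[c])` lets the tree walk end with `c` still `>= NT`, and the next statement, `fillbuf((int) pt_len[c]);`, then indexes `pt_len` with a value that is not a valid symbol. Add a rejection straight after the loop, `if (c >= NT) error("Bad table\n");`. The same gap is in the `@@ -291,7` hunk (`c_len[j]` with `j >= NC`) and the `@@ -308,7` hunk (`pt_len[j]`, then `1 << (j - 1)` with `j >= NP`). The guard also only detects a node that points to itself. Once `mask` is zero a longer cycle through `left[]` would still not terminate, so raising the error as soon as `mask` reaches zero is the safer bound.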
    124 @@ -291,7 +295,7 @@
    125  	    if (bitbuf & mask) j = right[j];
    126  	    else               j = left [j];
    127  	    mask >>= 1;
    128 -	} while (j >= NC);
    129 +	} while (j >= NC && (mask || j != left[j]));
    130      }
    131      fillbuf((int) c_len[j]);
    132      return j;
    133 @@ -308,7 +312,7 @@
    134  	    if (bitbuf & mask) j = right[j];
    135  	    else               j = left [j];
    136  	    mask >>= 1;
    137 -	} while (j >= NP);
    138 +	} while (j >= NP && (mask || j != left[j]));
    139      }
    140      fillbuf((int) pt_len[j]);
    141      if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
    142 @@ -355,7 +359,7 @@
    143      while (--j >= 0) {
    144  	buffer[r] = buffer[i];
    145  	i = (i + 1) & (DICSIZ - 1);
    146 -	if (++r == count) return r;
    147 +	if (++r >= count) return r;
    148      }
    149      for ( ; ; ) {
    150  	c = decode_c();
    151 @@ -365,14 +369,14 @@
    152  	}
    153  	if (c <= UCHAR_MAX) {
    154  	    buffer[r] = c;
    155 -	    if (++r == count) return r;
    156 +	    if (++r >= count) return r;
    157  	} else {
    158  	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
    159  	    i = (r - decode_p() - 1) & (DICSIZ - 1);
    160  	    while (--j >= 0) {
    161  		buffer[r] = buffer[i];
    162  		i = (i + 1) & (DICSIZ - 1);
    163 -		if (++r == count) return r;
    164 +		if (++r >= count) return r;
    165  	    }
    166  	}
    167      }
    168 Index: gnu/usr.bin/gzip/unpack.c
    169 ===================================================================
    170 RCS file: /home/ncvs/src/gnu/usr.bin/gzip/unpack.c,v
    171 retrieving revision 1.6
    172 diff -u -d -r1.6 unpack.c
    173 --- gnu/usr.bin/gzip/unpack.c	27 Aug 1999 23:35:54 -0000	1.6
    174 +++ gnu/usr.bin/gzip/unpack.c	17 Sep 2006 10:58:37 -0000
    175 @@ -12,7 +12,6 @@
    176  #include "gzip.h"
    177  #include "crypt.h"
    178  
    179 -#define MIN(a,b) ((a) <= (b) ? (a) : (b))
    180  /* The arguments must not have side effects. */
    181  
    182  #define MAX_BITLEN 25
    183 @@ -132,7 +131,7 @@
    184  	/* Remember where the literals of this length start in literal[] : */
    185  	lit_base[len] = base;
    186  	/* And read the literals: */
    187 -	for (n = leaves[len]; n > 0; n--) {
    188 +	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
    189  	    literal[base++] = (uch)get_byte();
    190  	}
    191      }
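Review bot: The added `base < LITERALS` bound stops the copy into `literal[]` but leaves the remaining `n` literal bytes unread. A header that declares too many leaves is therefore decoded with tree bytes treated as compressed data instead of being rejected. Checking the count before the loop keeps the bound and fails closed, e.g. `if (base + leaves[len] > LITERALS) error("too many leaves in Huffman tree");`, assuming `error()` is available here as it is in unlzh.c. The `prefixp > prefix_len` guard in the `@@ -168,7` hunk has the same truncate-and-continue shape. The enclosing function starts outside the hunk.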
    192 @@ -168,7 +167,7 @@
    193      prefixp = &prefix_len[1<<peek_bits];
    194      for (len = 1; len <= peek_bits; len++) {
    195  	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
    196 -	while (prefixes--) *--prefixp = (uch)len;
    197 +	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
    198      }
    199      /* The length of all other codes is unknown: */
    200      while (prefixp > prefix_len) *--prefixp = 0;
    201