Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:
> We've had this bug before - thinking that we don't need to inflate()
> anything because we already had it all..
>
> Linus
Thanks. I think we _do_ need a big fat warning near the code to
avoid the same mistake in the future. Something like this?
diff --git a/sha1_file.c b/sha1_file.c
index 9fe2bd6..d273aff 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1030,7 +1030,17 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size
n = size;
memcpy(buf, (char *) buffer + bytes, n);
bytes = n;
- if (bytes < size) {
+ if (bytes <= size) {
+ /*
+ * The above condition must be (bytes <= size), not
+ * (bytes < size). In other words, even if we expect
+ * no more output, the input zlib stream may have bytes
+ * that express "this concludes the stream", and we do
+ * want to eat that input. Otherwise we would not be
+ * able to test that we consumed all the input to reach
+ * the expected size *and* zlib gave status == Z_STREAM_END
+ * to signal all went well.
+ */
stream->next_out = buf + bytes;
stream->avail_out = size - bytes;
while (status == Z_OK)
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html