[Zlib-devel] inflate_fast() heap-corruption problem in MS code
Mark Adler
madler at alumni.caltech.edu
Sat Dec 14 01:36:00 EST 2002
On Friday, December 13, 2002, at 08:35 AM, Greg Roelofs wrote:
> Is it a long-fixed bug?
Yes. This bug was in 1.0.4, and was fixed in 1.0.5, nearly five years
ago.
Since I dug into the old code to look at this, and in case anyone is
curious, the bug was this: An invalid code is marked with a table
opcode byte of 192. The table of literal/length codes had 192 in the
invalid code positions. However, what I overlooked in zlib 1.0.4 was
that when I used that table, I would set the opcode to the table entry
plus 80. So the opcode for invalid codes was incorrectly set to 16.
In 1.0.5, that table was corrected to have 112 in the invalid code
positions, so that 192 ended up in the opcode.
mark
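The arithmetic in the message is an 8-bit truncation: 192 + 80 is 272, which does not fit in an opcode byte and wraps to 16, while the corrected entry 112 + 80 lands on 192 exactly. The following C snippet is an added illustration of that failure mode and of a table sanity check that would have caught it; it is not zlib code. The constants 192, 80 and 112 come from the message above; the table layout, the slot markers and the helper names (opcode_from_entry, count_invalid_slots_misencoded) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustration of the opcode arithmetic described in the message.
 * Not zlib code: 192 (invalid-code marker), 80 (constant added when
 * the table entry is used) and 112 (corrected 1.0.5 entry) are from
 * the message; the table shape and helper names are assumptions. */

#define INVALID_OPCODE 192u   /* opcode that marks an invalid code */
#define OPCODE_BIAS    80u    /* added to the table entry when it is used */

/* Opcode as computed in 1.0.4: table entry plus 80, stored in one byte.
 * The cast reproduces the wraparound: 192 + 80 = 272, which becomes 16. */
uint8_t opcode_from_entry(uint8_t entry)
{
    return (uint8_t)(entry + OPCODE_BIAS);
}

/* Table sanity check: every slot that is supposed to be an invalid code
 * must still yield INVALID_OPCODE after the bias is applied.
 * Returns the number of slots that do not, 0 for a consistent table. */
int count_invalid_slots_misencoded(const uint8_t *table,
                                   const int *is_invalid, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        if (is_invalid[i] && opcode_from_entry(table[i]) != INVALID_OPCODE)
            bad++;
    return bad;
}

/* Constructed 4-slot tables (not the real zlib tables):
 * slots 1 and 3 are the "invalid code" positions. */
static const int     invalid_slots[4] = {0, 1, 0, 1};
static const uint8_t table_1_0_4[4]   = {0, 192, 0, 192}; /* 192 in invalid slots */
static const uint8_t table_1_0_5[4]   = {0, 112, 0, 112}; /* corrected to 112 */

int main(void)
{
    printf("1.0.4 invalid slot -> opcode %u\n", opcode_from_entry(192));
    printf("1.0.5 invalid slot -> opcode %u\n", opcode_from_entry(112));
    printf("misencoded invalid slots: 1.0.4=%d, 1.0.5=%d\n",
           count_invalid_slots_misencoded(table_1_0_4, invalid_slots, 4),
           count_invalid_slots_misencoded(table_1_0_5, invalid_slots, 4));
    return 0;
}
```

The check is the kind of thing worth running over a generated decode table at build or test time: it compares the value the decoder will actually see (after any bias and byte truncation) against the marker the decoder dispatches on, rather than trusting the raw table contents.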