[Zlib-devel] zlib 1.2.1 inflate bug (fixed in 1.2.1.1)
Gilles Vollant
info at winimage.com
Wed Jun 2 07:54:01 EDT 2004
Using my zlibwapi.dll with minigz.exe and 1249-1.gz :
With DLL from 1.2.1 -> it display "minigz: 1249-1.gz: invalid distances set"
With DLL from 1.2.1.1 , I obtain a 1249-1 file (size : 16777216 bytes, crc32
= 376B9BAE, md5 = 427BC496598497498945D02589C14ACD )
-----Original Message-----
From: Mark Adler [mailto:madler at alumni.caltech.edu]
Sent: Sunday, May 30, 2004 4:28 AM
To: zlib-devel at zlib.net
Subject: [Zlib-devel] zlib 1.2.1 inflate bug (fixed in 1.2.1.1)
On May 16, 2004, at 5:02 AM, Gilles Vollant wrote:
> I ask again : what is the risk, and how can we obtain a zipfile that
> zlib
> 1.2.1 did not inflate ?
The risk is zero if the deflate stream was made by zlib, gzip, or info-zip,
since the particular missed aspect of the deflate format is not used by
Jean-loup's code. The risk is apparently very small in other cases, since
there has been only the one report. I do not know what software created the
zip file from which the test file was constructed.
You can get the test file here (~ 13 MB):
http://www.alumni.caltech.edu/~madler/1249-1.gz
> The fix is not released four month after being wrote, so I suppose
> this is not a big risk...
That does not necessarily follow. :-) However in this case it appears to
not be a big risk. However it is an unconscionable bug.
By the way, the only report that I saw on 1.2.1.1's operability was from
Cosmin.
mark
More information about the Zlib-devel
mailing list