[Zlib-devel] Silent acceptance of invalid distance codes
Cosmin Truta
cosmin at cs.toronto.edu
Sat Sep 18 04:23:27 EDT 2004
On Fri, 17 Sep 2004, Mark Adler wrote:
> On Sep 16, 2004, at 9:25 PM, Cosmin Truta wrote:
> > The inflater discards the value of CINFO found in the zlib stream: it
> > tests whether CINFO is no bigger than state->wbits (e.g. line 599 in
> > zlib-1.2.1.2/inflate.c), but it loses this value afterwards.
>
> Yes, that was intentional. I wanted inflate to be generous and be able
> to decode whatever the sliding window would permit, regardless of what
> the zlib header said.
Good idea. I was thinking about issuing at least a warning, but then I
realized that zlib does not issue warnings.
> I do not want to change the default behavior of inflate in this regard,
> since it's been out so long that something out there will probably
> break if I do. However I would be willing to add a response to a
> compile-time request, e.g. #define INFLATE_STRICT, to check that.
> Would that be acceptable?
Okay. Maybe this can be done even after 1.2.2, say in 1.2.2.1, and be
used by developers only. (I don't think that 1.2.2 needs to be delayed
because of this.)
Cosmin
More information about the Zlib-devel
mailing list