[pull] master from madler:master #2
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
The previous releases of zlib were not sensitive to incorrect CRC inputs with bits set above the low 32. This commit restores that behavior, so that applications with such bugs will continue to operate as before.
If the extra field was larger than the space the user provided with inflateGetHeader(), and if multiple calls of inflate() delivered the extra header data, then there could be a buffer overflow of the provided space. This commit assures that provided space is not exceeded.
The recent commit to fix a gzip header extra field processing bug introduced the new bug fixed here.
No code changes.
A fixed block could be chosen when a stored block was smaller. Now the smaller of the two is always chosen.
This improves the non-default expansion from 14% down to 4% in most cases, and 13% in the remainder.
No code changes.
The code was removed, but the builds that used the code were not updated. This fixes that. Thanks to Adenilson and toxieainc for the patches.
Remove unused code and unnecessary test for free().
To avoid warnings when building with -Wmissing-prototypes.
A bug fix in zlib 1.2.12 resulted in a slight slowdown (1-2%) of deflate. This commit provides the option to #define LIT_MEM, which uses more memory to reverse most of that slowdown. The memory for the pending buffer and symbol buffers is increased by 25%, which increases the total memory usage with the default parameters by about 6%.
The appnote says that if the number of entries in the end record is 0xffff, then the actual number of entries will be found in the Zip64 end record. Therefore if the number of entries is equal to 0xffff, it can't be in the end record by itself, since that is an instruction to get the number from the Zip64 end record. This code would just store 0xffff in the end record in that case, not making a Zip64 end record. This commit fixes that.
fdopen() is not used by zlib anymore. The #defines are vestigial.
Since each element in s->d_buf is 2 bytes, the sx index should be multiplied by 2 in the assert. Fixes #897
If it is negative, then the code will enter an infinite loop.
Archive formats such as .zip files are generally susceptible to so-called "traversal attacks". This allows an attacker to craft an archive that writes to unexpected locations of the file system (e.g., /etc/shadow) if an unspecting root user were to unpack a malicious archive. This patch neutralizes absolute paths such as /tmp/moo and deeply relative paths such as dummy/../../../../../../../../../../tmp/moo The Debian project requested CVE-2014-9485 be allocated for the first identified weakness. The fix was incomplete, resulting in a revised patch applied here. Since there wasn't an updated version released by Debian with the incomplete fix, I suggest we use this CVE to identify both issues. Link: https://security.snyk.io/research/zip-slip-vulnerability Link: https://bugs.debian.org/774321 Link: https://bugs.debian.org/776831 Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485 Reported-by: Jakub Wilk <[email protected]> Fixed-by: Michael Gilbert <[email protected]>
gz_intmax() is noted in zlib.map. This assures it's always there.
There used to be one, but no more. It is up to the user or vendor to compile zlib.
The --version-script linker option is not supported by the linker on AIX systems
This reverts commit 44dc43a.
This avoids trying to compare a match starting one byte before the current window. Thanks to @zmodem (Hans) for discovering this.
Not all C compilers have a -w option.
This enables the addition of zlib to other projects.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )