(from parent 1: 3519f88)
This can happen if an uncompressed block is present, since then the match
offset LRU queue is filled directly from the input buffer. Too-large
offsets were already checked later, but offsets of 0 would cause
uninitialized memory to remain in the output buffer.
queue->R[0] = bitstream_read_u32(istream);
queue->R[1] = bitstream_read_u32(istream);
queue->R[2] = bitstream_read_u32(istream);
queue->R[0] = bitstream_read_u32(istream);
queue->R[1] = bitstream_read_u32(istream);
queue->R[2] = bitstream_read_u32(istream);
+
+ /* Offsets of 0 are invalid. */
+ if (queue->R[0] == 0 || queue->R[1] == 0 || queue->R[2] == 0)
+ return -1;
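Review bot: the zero check after the three bitstream_read_u32() calls runs only once the values are already stored in queue->R[], so on the `return -1` path the queue still holds the invalid offsets. That is safe only if every caller abandons the queue on error. Either confirm that, or read into locals and assign to queue->R[] after validation. The comment "Offsets of 0 are invalid." could also state the reason given in the commit message (a zero offset leaves uninitialized memory in the output buffer). A regression test with an uncompressed block whose header carries a zero R value would pin the behaviour down.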