Fossil SCM
Fix a (harmless) buffer size miscalculation in the decompression logic.
Commit
52aa366c18eda9946c483e4bf2152ce51cdcd94e
Parent
723f8c200f44c7f…
1 file changed
+1
-1
+1
-1
| --- src/blob.c | ||
| +++ src/blob.c | ||
| @@ -826,11 +826,11 @@ | ||
| 826 | 826 | nOut = (inBuf[0]<<24) + (inBuf[1]<<16) + (inBuf[2]<<8) + inBuf[3]; |
| 827 | 827 | blob_zero(&temp); |
| 828 | 828 | blob_resize(&temp, nOut+1); |
| 829 | 829 | nOut2 = (long int)nOut; |
| 830 | 830 | rc = uncompress((unsigned char*)blob_buffer(&temp), &nOut2, |
| 831 | - &inBuf[4], blob_size(pIn)); | |
| 831 | + &inBuf[4], nIn - 4); | |
| 832 | 832 | if( rc!=Z_OK ){ |
| 833 | 833 | blob_reset(&temp); |
| 834 | 834 | return 1; |
| 835 | 835 | } |
| 836 | 836 | blob_resize(&temp, nOut2); |
| 837 | 837 |
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -826,11 +826,11 @@ | |
| 826 | nOut = (inBuf[0]<<24) + (inBuf[1]<<16) + (inBuf[2]<<8) + inBuf[3]; |
| 827 | blob_zero(&temp); |
| 828 | blob_resize(&temp, nOut+1); |
| 829 | nOut2 = (long int)nOut; |
| 830 | rc = uncompress((unsigned char*)blob_buffer(&temp), &nOut2, |
| 831 | &inBuf[4], blob_size(pIn)); |
| 832 | if( rc!=Z_OK ){ |
| 833 | blob_reset(&temp); |
| 834 | return 1; |
| 835 | } |
| 836 | blob_resize(&temp, nOut2); |
| 837 |
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -826,11 +826,11 @@ | |
| 826 | nOut = (inBuf[0]<<24) + (inBuf[1]<<16) + (inBuf[2]<<8) + inBuf[3]; |
| 827 | blob_zero(&temp); |
| 828 | blob_resize(&temp, nOut+1); |
| 829 | nOut2 = (long int)nOut; |
| 830 | rc = uncompress((unsigned char*)blob_buffer(&temp), &nOut2, |
| 831 | &inBuf[4], nIn - 4); |
| 832 | if( rc!=Z_OK ){ |
| 833 | blob_reset(&temp); |
| 834 | return 1; |
| 835 | } |
| 836 | blob_resize(&temp, nOut2); |
| 837 |