deflate_medium: fix handling of overlapping matches

Fixes madler#361
Linaro · Jul 18, 2019 · d4b927b · d4b927b
1 parent 6f6bdcb
commit d4b927b
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 1 deletion.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -859,6 +859,13 @@ if (ZLIB_ENABLE_TESTS)
         target_link_libraries(CVE-2003-0107 zlib)
         add_test(NAME CVE-2003-0107 COMMAND CVE-2003-0107)
     endif()
+
+    set(GH_361_COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:minigzip> -4)
+    add_test(NAME GH-361
+        COMMAND ${CMAKE_COMMAND}
+        "-DCOMMAND=${GH_361_COMMAND}"
+        -DINPUT=${CMAKE_CURRENT_SOURCE_DIR}/test/GH-361/test.txt
+        -P ${CMAKE_CURRENT_SOURCE_DIR}/cmake/run-and-redirect.cmake)
 endif()
 
 FEATURE_SUMMARY(WHAT ALL INCLUDE_QUIET_PACKAGES)

diff --git a/deflate_medium.c b/deflate_medium.c
@@ -110,6 +110,8 @@ static void insert_match(deflate_state *s, struct match match) {
             } else {
                 functable.insert_string(s, match.strstart, match.orgstart - match.strstart + 1);
             }
+        } else if (match.orgstart < match.strstart + match.match_length) {
+            functable.insert_string(s, match.orgstart, match.strstart + match.match_length - match.orgstart);
         }
         match.strstart += match.match_length;
         match.match_length = 0;

diff --git a/test/GH-361/test.txt b/test/GH-361/test.txt
@@ -0,0 +1,4 @@
+.....-.u..|u....-...!..A.#?)9.._B..F..|
+00000650  fa 13 88 89 2c 1f 81 0f  e4 e9 ce 39 a0 87 2e 2e  |....,......9....|
+00000660  a5 0c 08 9c ec fc 88 6d  16 02 0a a0 3d fc 36 29  |.......m....=.6)|
+00000670  8d f5 c3 ba 1d 07 f4 78  e1 a0 41 f9 89 15 a5 69  |.......x..A....
diff --git a/test/INDEX b/test/INDEX
@@ -5,6 +5,8 @@ CVE-2002-0059  :
 CVE-2004-0797  :
 CVE-2005-1849  :
 CVE-2005-2096  : test cases for the relevant CVEs
+GH-361         : test case for overlapping matches
+                 https://github.com/zlib-ng/zlib-ng/issues/361
 
 testCVEinputs.sh: script to run tests for CVEs where input data is supplied
 
diff --git a/test/Makefile.in b/test/Makefile.in
@@ -14,7 +14,7 @@ COMPATTESTS =
 QEMU_RUN=
 QEMU_VER:=$(shell command -v $(QEMU_RUN) --version 2> /dev/null)
 
-all: oldtests cvetests $(COMPATTESTS) fuzzer
+all: oldtests cvetests $(COMPATTESTS) fuzzer ghtests
 
 oldtests: #set by ../configure
 check_cross_dep:
@@ -96,6 +96,12 @@ CVE-2003-0107.o: $(SRCDIR)/CVE-2003-0107.c
 CVE-2003-0107$(EXE): CVE-2003-0107.o
 	$(CC) $(CFLAGS) -o $@ CVE-2003-0107.o $(TEST_LDFLAGS)
 
+.PHONY: ghtests
+ghtests: testGH-361
+
+.PHONY: testGH-361
+testGH-361:
+	$(QEMU_RUN) ../minigzip$(EXE) -4 <$(SRCDIR)/GH-361/test.txt >/dev/null
 
 clean:
 	rm -f *.o *.gcda *.gcno *.gcov