LibCompress: fail gracefuly on invalid symbols in DeflateDecompressor

author: Idan Horowitz <idan.horowitz@gmail.com> 2021-03-17 18:07:27 +0200
committer: Andreas Kling <kling@serenityos.org> 2021-03-17 21:57:16 +0100
commit: ea7bdf02b810d567cb72d0364dca55844cd4e530 (patch)
tree: f68ad6bcbcdb9ea842ecef9689e60eb08aa9881b
parent: 071ee7c6f46f0565474132f01a22f780c42a8a44 (diff)
download: serenity-ea7bdf02b810d567cb72d0364dca55844cd4e530.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/Userland/Libraries/LibCompress/Deflate.cpp b/Userland/Libraries/LibCompress/Deflate.cpp
index c45839507b..89bd36b0e4 100644
--- a/Userland/Libraries/LibCompress/Deflate.cpp
+++ b/Userland/Libraries/LibCompress/Deflate.cpp
@@ -150,7 +150,7 @@ bool DeflateDecompressor::CompressedBlock::try_read_more()
 
     const auto symbol = m_literal_codes.read_symbol(m_decompressor.m_input_stream);
 
-    if (symbol == UINT32_MAX) {
+    if (symbol >= 286) { // invalid deflate literal/length symbol
         m_decompressor.set_fatal_error();
         return false;
     }
@@ -169,7 +169,7 @@ bool DeflateDecompressor::CompressedBlock::try_read_more()
 
         const auto length = m_decompressor.decode_length(symbol);
         const auto distance_symbol = m_distance_codes.value().read_symbol(m_decompressor.m_input_stream);
-        if (distance_symbol == UINT32_MAX) {
+        if (distance_symbol >= 30) { // invalid deflate distance symbol
             m_decompressor.set_fatal_error();
             return false;
         }
author	Idan Horowitz <idan.horowitz@gmail.com>	2021-03-17 18:07:27 +0200
committer	Andreas Kling <kling@serenityos.org>	2021-03-17 21:57:16 +0100
commit	ea7bdf02b810d567cb72d0364dca55844cd4e530 (patch)
tree	f68ad6bcbcdb9ea842ecef9689e60eb08aa9881b
parent	071ee7c6f46f0565474132f01a22f780c42a8a44 (diff)
download	serenity-ea7bdf02b810d567cb72d0364dca55844cd4e530.zip