deflate_medium: fix handling of overlapping matches

Fixes #361
2025-06-18 11:35:35 -04:00 · 2019-06-14 15:33:04 +02:00 · 2019-06-14 15:33:04 +02:00 · d4b927b346
commit d4b927b346
parent 6f6bdcb47f
5 changed files with 22 additions and 1 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -859,6 +859,13 @@ if (ZLIB_ENABLE_TESTS)
        target_link_libraries(CVE-2003-0107 zlib)
        add_test(NAME CVE-2003-0107 COMMAND CVE-2003-0107)
    endif()
+
+    set(GH_361_COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:minigzip> -4)
+    add_test(NAME GH-361
+        COMMAND ${CMAKE_COMMAND}
+        "-DCOMMAND=${GH_361_COMMAND}"
+        -DINPUT=${CMAKE_CURRENT_SOURCE_DIR}/test/GH-361/test.txt
+        -P ${CMAKE_CURRENT_SOURCE_DIR}/cmake/run-and-redirect.cmake)
 endif()

 FEATURE_SUMMARY(WHAT ALL INCLUDE_QUIET_PACKAGES)
--- a/deflate_medium.c
+++ b/deflate_medium.c
@ -110,6 +110,8 @@ static void insert_match(deflate_state *s, struct match match) {
            } else {
                functable.insert_string(s, match.strstart, match.orgstart - match.strstart + 1);
            }
+        } else if (match.orgstart < match.strstart + match.match_length) {
+            functable.insert_string(s, match.orgstart, match.strstart + match.match_length - match.orgstart);
        }
        match.strstart += match.match_length;
        match.match_length = 0;
--- a/test/GH-361/test.txt
+++ b/test/GH-361/test.txt
@ -0,0 +1,4 @@
+.....-.u..|u....-...!..A.#?)9.._B..F..|
+00000650  fa 13 88 89 2c 1f 81 0f  e4 e9 ce 39 a0 87 2e 2e  |....,......9....|
+00000660  a5 0c 08 9c ec fc 88 6d  16 02 0a a0 3d fc 36 29  |.......m....=.6)|
+00000670  8d f5 c3 ba 1d 07 f4 78  e1 a0 41 f9 89 15 a5 69  |.......x..A....
--- a/test/INDEX
+++ b/test/INDEX
@ -5,6 +5,8 @@ CVE-2002-0059  :
 CVE-2004-0797  :
 CVE-2005-1849  :
 CVE-2005-2096  : test cases for the relevant CVEs
+GH-361         : test case for overlapping matches
+                 https://github.com/zlib-ng/zlib-ng/issues/361

 testCVEinputs.sh: script to run tests for CVEs where input data is supplied

--- a/test/Makefile.in
+++ b/test/Makefile.in
@ -14,7 +14,7 @@ COMPATTESTS =
 QEMU_RUN=
 QEMU_VER:=$(shell command -v $(QEMU_RUN) --version 2> /dev/null)

-all: oldtests cvetests $(COMPATTESTS) fuzzer
+all: oldtests cvetests $(COMPATTESTS) fuzzer ghtests

 oldtests: #set by ../configure
 check_cross_dep:
@ -96,6 +96,12 @@ CVE-2003-0107.o: $(SRCDIR)/CVE-2003-0107.c
 CVE-2003-0107$(EXE): CVE-2003-0107.o
 	$(CC) $(CFLAGS) -o $@ CVE-2003-0107.o $(TEST_LDFLAGS)

+.PHONY: ghtests
+ghtests: testGH-361
+
+.PHONY: testGH-361
+testGH-361:
+	$(QEMU_RUN) ../minigzip$(EXE) -4 <$(SRCDIR)/GH-361/test.txt >/dev/null

 clean:
 	rm -f *.o *.gcda *.gcno *.gcov