commit 5db1a3cd33339bb28e1354b58374bf1c18e15e6e (tree)
parent 684264908e50bc8537fc10859e93ccdf8d94509e
Author: mllken <emilliken@gmail.com>
Date: Wed, 12 Oct 2022 19:46:03 +0700
gzip: add bounds for safer header parsing
Diffstat:
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/std/compress/gzip.zig b/lib/std/compress/gzip.zig
@@ -15,6 +15,8 @@ const FEXTRA = 1 << 2;
const FNAME = 1 << 3;
const FCOMMENT = 1 << 4;
+const max_string_len = 1024;
+
pub fn GzipStream(comptime ReaderType: type) type {
return struct {
const Self = @This();
@@ -71,7 +73,7 @@ pub fn GzipStream(comptime ReaderType: type) type {
filename = try source.readUntilDelimiterAlloc(
allocator,
0,
- std.math.maxInt(usize),
+ max_string_len,
);
}
errdefer if (filename) |p| allocator.free(p);
@@ -81,7 +83,7 @@ pub fn GzipStream(comptime ReaderType: type) type {
comment = try source.readUntilDelimiterAlloc(
allocator,
0,
- std.math.maxInt(usize),
+ max_string_len,
);
}
errdefer if (comment) |p| allocator.free(p);