motiejus/zig

fork of https://codeberg.org/ziglang/zig
git clone https://git.jakstys.lt/motiejus/zig.git
Log | Tree | Refs | README | LICENSE

commit 5db1a3cd33339bb28e1354b58374bf1c18e15e6e (tree)
parent 684264908e50bc8537fc10859e93ccdf8d94509e
Author: mllken <emilliken@gmail.com>
Date:   Wed, 12 Oct 2022 19:46:03 +0700

gzip: add bounds for safer header parsing

Diffstat:
Mlib/std/compress/gzip.zig | 6++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/std/compress/gzip.zig b/lib/std/compress/gzip.zig @@ -15,6 +15,8 @@ const FEXTRA = 1 << 2; const FNAME = 1 << 3; const FCOMMENT = 1 << 4; +const max_string_len = 1024; + pub fn GzipStream(comptime ReaderType: type) type { return struct { const Self = @This(); @@ -71,7 +73,7 @@ pub fn GzipStream(comptime ReaderType: type) type { filename = try source.readUntilDelimiterAlloc( allocator, 0, - std.math.maxInt(usize), + max_string_len, ); } errdefer if (filename) |p| allocator.free(p); @@ -81,7 +83,7 @@ pub fn GzipStream(comptime ReaderType: type) type { comment = try source.readUntilDelimiterAlloc( allocator, 0, - std.math.maxInt(usize), + max_string_len, ); } errdefer if (comment) |p| allocator.free(p);