提交 9674807c 编写于 作者: M Mark Adler

Fix bugs in creating a very large gzip header.

上级 fc130cdd
...@@ -326,6 +326,9 @@ local int deflateStateCheck (strm) ...@@ -326,6 +326,9 @@ local int deflateStateCheck (strm)
return 1; return 1;
s = strm->state; s = strm->state;
if (s == Z_NULL || s->strm != strm || (s->status != INIT_STATE && if (s == Z_NULL || s->strm != strm || (s->status != INIT_STATE &&
#ifdef GZIP
s->status != GZIP_STATE &&
#endif
s->status != EXTRA_STATE && s->status != EXTRA_STATE &&
s->status != NAME_STATE && s->status != NAME_STATE &&
s->status != COMMENT_STATE && s->status != COMMENT_STATE &&
...@@ -426,7 +429,11 @@ int ZEXPORT deflateResetKeep (strm) ...@@ -426,7 +429,11 @@ int ZEXPORT deflateResetKeep (strm)
if (s->wrap < 0) { if (s->wrap < 0) {
s->wrap = -s->wrap; /* was made negative by deflate(..., Z_FINISH); */ s->wrap = -s->wrap; /* was made negative by deflate(..., Z_FINISH); */
} }
s->status = s->wrap ? INIT_STATE : BUSY_STATE; s->status =
#ifdef GZIP
s->wrap == 2 ? GZIP_STATE :
#endif
s->wrap ? INIT_STATE : BUSY_STATE;
strm->adler = strm->adler =
#ifdef GZIP #ifdef GZIP
s->wrap == 2 ? crc32(0L, Z_NULL, 0) : s->wrap == 2 ? crc32(0L, Z_NULL, 0) :
...@@ -584,7 +591,6 @@ uLong ZEXPORT deflateBound(strm, sourceLen) ...@@ -584,7 +591,6 @@ uLong ZEXPORT deflateBound(strm, sourceLen)
{ {
deflate_state *s; deflate_state *s;
uLong complen, wraplen; uLong complen, wraplen;
Bytef *str;
/* conservative upper bound for compressed data */ /* conservative upper bound for compressed data */
complen = sourceLen + complen = sourceLen +
...@@ -603,9 +609,11 @@ uLong ZEXPORT deflateBound(strm, sourceLen) ...@@ -603,9 +609,11 @@ uLong ZEXPORT deflateBound(strm, sourceLen)
case 1: /* zlib wrapper */ case 1: /* zlib wrapper */
wraplen = 6 + (s->strstart ? 4 : 0); wraplen = 6 + (s->strstart ? 4 : 0);
break; break;
#ifdef GZIP
case 2: /* gzip wrapper */ case 2: /* gzip wrapper */
wraplen = 18; wraplen = 18;
if (s->gzhead != Z_NULL) { /* user-supplied gzip header */ if (s->gzhead != Z_NULL) { /* user-supplied gzip header */
Bytef *str;
if (s->gzhead->extra != Z_NULL) if (s->gzhead->extra != Z_NULL)
wraplen += 2 + s->gzhead->extra_len; wraplen += 2 + s->gzhead->extra_len;
str = s->gzhead->name; str = s->gzhead->name;
...@@ -622,6 +630,7 @@ uLong ZEXPORT deflateBound(strm, sourceLen) ...@@ -622,6 +630,7 @@ uLong ZEXPORT deflateBound(strm, sourceLen)
wraplen += 2; wraplen += 2;
} }
break; break;
#endif
default: /* for compiler happiness */ default: /* for compiler happiness */
wraplen = 6; wraplen = 6;
} }
...@@ -676,6 +685,16 @@ local void flush_pending(strm) ...@@ -676,6 +685,16 @@ local void flush_pending(strm)
} }
} }
/* ===========================================================================
* Update the header CRC with the bytes s->pending_buf[beg..s->pending - 1].
*/
#define HCRC_UPDATE(beg) \
do { \
if (s->gzhead->hcrc && s->pending > (beg)) \
strm->adler = crc32(strm->adler, s->pending_buf + (beg), \
s->pending - (beg)); \
} while (0)
/* ========================================================================= */ /* ========================================================================= */
int ZEXPORT deflate (strm, flush) int ZEXPORT deflate (strm, flush)
z_streamp strm; z_streamp strm;
...@@ -696,14 +715,75 @@ int ZEXPORT deflate (strm, flush) ...@@ -696,14 +715,75 @@ int ZEXPORT deflate (strm, flush)
} }
if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR); if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
s->strm = strm; /* just in case */
old_flush = s->last_flush; old_flush = s->last_flush;
s->last_flush = flush; s->last_flush = flush;
/* Flush as much pending output as possible */
if (s->pending != 0) {
flush_pending(strm);
if (strm->avail_out == 0) {
/* Since avail_out is 0, deflate will be called again with
* more output space, but possibly with both pending and
* avail_in equal to zero. There won't be anything to do,
* but this is not an error situation so make sure we
* return OK instead of BUF_ERROR at next call of deflate:
*/
s->last_flush = -1;
return Z_OK;
}
/* Make sure there is something to do and avoid duplicate consecutive
* flushes. For repeated and useless calls with Z_FINISH, we keep
* returning Z_STREAM_END instead of Z_BUF_ERROR.
*/
} else if (strm->avail_in == 0 && RANK(flush) <= RANK(old_flush) &&
flush != Z_FINISH) {
ERR_RETURN(strm, Z_BUF_ERROR);
}
/* User must not provide more input after the first FINISH: */
if (s->status == FINISH_STATE && strm->avail_in != 0) {
ERR_RETURN(strm, Z_BUF_ERROR);
}
/* Write the header */ /* Write the header */
if (s->status == INIT_STATE) { if (s->status == INIT_STATE) {
/* zlib header */
uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8;
uInt level_flags;
if (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2)
level_flags = 0;
else if (s->level < 6)
level_flags = 1;
else if (s->level == 6)
level_flags = 2;
else
level_flags = 3;
header |= (level_flags << 6);
if (s->strstart != 0) header |= PRESET_DICT;
header += 31 - (header % 31);
putShortMSB(s, header);
/* Save the adler32 of the preset dictionary: */
if (s->strstart != 0) {
putShortMSB(s, (uInt)(strm->adler >> 16));
putShortMSB(s, (uInt)(strm->adler & 0xffff));
}
strm->adler = adler32(0L, Z_NULL, 0);
s->status = BUSY_STATE;
/* Compression must start with an empty pending buffer */
flush_pending(strm);
if (s->pending != 0) {
s->last_flush = -1;
return Z_OK;
}
}
#ifdef GZIP #ifdef GZIP
if (s->wrap == 2) { if (s->status == GZIP_STATE) {
/* gzip header */
strm->adler = crc32(0L, Z_NULL, 0); strm->adler = crc32(0L, Z_NULL, 0);
put_byte(s, 31); put_byte(s, 31);
put_byte(s, 139); put_byte(s, 139);
...@@ -719,6 +799,13 @@ int ZEXPORT deflate (strm, flush) ...@@ -719,6 +799,13 @@ int ZEXPORT deflate (strm, flush)
4 : 0)); 4 : 0));
put_byte(s, OS_CODE); put_byte(s, OS_CODE);
s->status = BUSY_STATE; s->status = BUSY_STATE;
/* Compression must start with an empty pending buffer */
flush_pending(strm);
if (s->pending != 0) {
s->last_flush = -1;
return Z_OK;
}
} }
else { else {
put_byte(s, (s->gzhead->text ? 1 : 0) + put_byte(s, (s->gzhead->text ? 1 : 0) +
...@@ -746,167 +833,99 @@ int ZEXPORT deflate (strm, flush) ...@@ -746,167 +833,99 @@ int ZEXPORT deflate (strm, flush)
s->status = EXTRA_STATE; s->status = EXTRA_STATE;
} }
} }
else
#endif
{
uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8;
uInt level_flags;
if (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2)
level_flags = 0;
else if (s->level < 6)
level_flags = 1;
else if (s->level == 6)
level_flags = 2;
else
level_flags = 3;
header |= (level_flags << 6);
if (s->strstart != 0) header |= PRESET_DICT;
header += 31 - (header % 31);
s->status = BUSY_STATE;
putShortMSB(s, header);
/* Save the adler32 of the preset dictionary: */
if (s->strstart != 0) {
putShortMSB(s, (uInt)(strm->adler >> 16));
putShortMSB(s, (uInt)(strm->adler & 0xffff));
}
strm->adler = adler32(0L, Z_NULL, 0);
}
}
#ifdef GZIP
if (s->status == EXTRA_STATE) { if (s->status == EXTRA_STATE) {
if (s->gzhead->extra != Z_NULL) { if (s->gzhead->extra != Z_NULL) {
uInt beg = s->pending; /* start of bytes to update crc */ ulg beg = s->pending; /* start of bytes to update crc */
uInt left = (s->gzhead->extra_len & 0xffff) - s->gzindex;
while (s->gzindex < (s->gzhead->extra_len & 0xffff)) { while (s->pending + left > s->pending_buf_size) {
if (s->pending == s->pending_buf_size) { uInt copy = s->pending_buf_size - s->pending;
if (s->gzhead->hcrc && s->pending > beg) zmemcpy(s->pending_buf + s->pending,
strm->adler = crc32(strm->adler, s->pending_buf + beg, s->gzhead->extra + s->gzindex, copy);
s->pending - beg); s->pending = s->pending_buf_size;
HCRC_UPDATE(beg);
s->gzindex += copy;
flush_pending(strm); flush_pending(strm);
beg = s->pending; if (s->pending != 0) {
if (s->pending == s->pending_buf_size) s->last_flush = -1;
break; return Z_OK;
} }
put_byte(s, s->gzhead->extra[s->gzindex]); beg = 0;
s->gzindex++; left -= copy;
} }
if (s->gzhead->hcrc && s->pending > beg) zmemcpy(s->pending_buf + s->pending,
strm->adler = crc32(strm->adler, s->pending_buf + beg, s->gzhead->extra + s->gzindex, left);
s->pending - beg); s->pending += left;
if (s->gzindex == s->gzhead->extra_len) { HCRC_UPDATE(beg);
s->gzindex = 0; s->gzindex = 0;
s->status = NAME_STATE;
} }
}
else
s->status = NAME_STATE; s->status = NAME_STATE;
} }
if (s->status == NAME_STATE) { if (s->status == NAME_STATE) {
if (s->gzhead->name != Z_NULL) { if (s->gzhead->name != Z_NULL) {
uInt beg = s->pending; /* start of bytes to update crc */ ulg beg = s->pending; /* start of bytes to update crc */
int val; int val;
do { do {
if (s->pending == s->pending_buf_size) { if (s->pending == s->pending_buf_size) {
if (s->gzhead->hcrc && s->pending > beg) HCRC_UPDATE(beg);
strm->adler = crc32(strm->adler, s->pending_buf + beg,
s->pending - beg);
flush_pending(strm); flush_pending(strm);
beg = s->pending; if (s->pending != 0) {
if (s->pending == s->pending_buf_size) { s->last_flush = -1;
val = 1; return Z_OK;
break;
} }
beg = 0;
} }
val = s->gzhead->name[s->gzindex++]; val = s->gzhead->name[s->gzindex++];
put_byte(s, val); put_byte(s, val);
} while (val != 0); } while (val != 0);
if (s->gzhead->hcrc && s->pending > beg) HCRC_UPDATE(beg);
strm->adler = crc32(strm->adler, s->pending_buf + beg,
s->pending - beg);
if (val == 0) {
s->gzindex = 0; s->gzindex = 0;
s->status = COMMENT_STATE;
}
} }
else
s->status = COMMENT_STATE; s->status = COMMENT_STATE;
} }
if (s->status == COMMENT_STATE) { if (s->status == COMMENT_STATE) {
if (s->gzhead->comment != Z_NULL) { if (s->gzhead->comment != Z_NULL) {
uInt beg = s->pending; /* start of bytes to update crc */ ulg beg = s->pending; /* start of bytes to update crc */
int val; int val;
do { do {
if (s->pending == s->pending_buf_size) { if (s->pending == s->pending_buf_size) {
if (s->gzhead->hcrc && s->pending > beg) HCRC_UPDATE(beg);
strm->adler = crc32(strm->adler, s->pending_buf + beg,
s->pending - beg);
flush_pending(strm); flush_pending(strm);
beg = s->pending; if (s->pending != 0) {
if (s->pending == s->pending_buf_size) { s->last_flush = -1;
val = 1; return Z_OK;
break;
} }
beg = 0;
} }
val = s->gzhead->comment[s->gzindex++]; val = s->gzhead->comment[s->gzindex++];
put_byte(s, val); put_byte(s, val);
} while (val != 0); } while (val != 0);
if (s->gzhead->hcrc && s->pending > beg) HCRC_UPDATE(beg);
strm->adler = crc32(strm->adler, s->pending_buf + beg,
s->pending - beg);
if (val == 0)
s->status = HCRC_STATE;
} }
else
s->status = HCRC_STATE; s->status = HCRC_STATE;
} }
if (s->status == HCRC_STATE) { if (s->status == HCRC_STATE) {
if (s->gzhead->hcrc) { if (s->gzhead->hcrc) {
if (s->pending + 2 > s->pending_buf_size) if (s->pending + 2 > s->pending_buf_size) {
flush_pending(strm); flush_pending(strm);
if (s->pending + 2 <= s->pending_buf_size) { if (s->pending != 0) {
s->last_flush = -1;
return Z_OK;
}
}
put_byte(s, (Byte)(strm->adler & 0xff)); put_byte(s, (Byte)(strm->adler & 0xff));
put_byte(s, (Byte)((strm->adler >> 8) & 0xff)); put_byte(s, (Byte)((strm->adler >> 8) & 0xff));
strm->adler = crc32(0L, Z_NULL, 0); strm->adler = crc32(0L, Z_NULL, 0);
s->status = BUSY_STATE;
}
} }
else
s->status = BUSY_STATE; s->status = BUSY_STATE;
}
#endif
/* Flush as much pending output as possible */ /* Compression must start with an empty pending buffer */
if (s->pending != 0) {
flush_pending(strm); flush_pending(strm);
if (strm->avail_out == 0) { if (s->pending != 0) {
/* Since avail_out is 0, deflate will be called again with
* more output space, but possibly with both pending and
* avail_in equal to zero. There won't be anything to do,
* but this is not an error situation so make sure we
* return OK instead of BUF_ERROR at next call of deflate:
*/
s->last_flush = -1; s->last_flush = -1;
return Z_OK; return Z_OK;
} }
/* Make sure there is something to do and avoid duplicate consecutive
* flushes. For repeated and useless calls with Z_FINISH, we keep
* returning Z_STREAM_END instead of Z_BUF_ERROR.
*/
} else if (strm->avail_in == 0 && RANK(flush) <= RANK(old_flush) &&
flush != Z_FINISH) {
ERR_RETURN(strm, Z_BUF_ERROR);
}
/* User must not provide more input after the first FINISH: */
if (s->status == FINISH_STATE && strm->avail_in != 0) {
ERR_RETURN(strm, Z_BUF_ERROR);
} }
#endif
/* Start a new block or continue the current one. /* Start a new block or continue the current one.
*/ */
......
...@@ -51,13 +51,16 @@ ...@@ -51,13 +51,16 @@
#define Buf_size 16 #define Buf_size 16
/* size of bit buffer in bi_buf */ /* size of bit buffer in bi_buf */
#define INIT_STATE 42 #define INIT_STATE 42 /* zlib header -> BUSY_STATE */
#define EXTRA_STATE 69 #ifdef GZIP
#define NAME_STATE 73 # define GZIP_STATE 57 /* gzip header -> BUSY_STATE | EXTRA_STATE */
#define COMMENT_STATE 91 #endif
#define HCRC_STATE 103 #define EXTRA_STATE 69 /* gzip extra block -> NAME_STATE */
#define BUSY_STATE 113 #define NAME_STATE 73 /* gzip file name -> COMMENT_STATE */
#define FINISH_STATE 666 #define COMMENT_STATE 91 /* gzip comment -> HCRC_STATE */
#define HCRC_STATE 103 /* gzip header CRC -> BUSY_STATE */
#define BUSY_STATE 113 /* deflate -> FINISH_STATE */
#define FINISH_STATE 666 /* stream complete */
/* Stream status */ /* Stream status */
...@@ -100,10 +103,10 @@ typedef struct internal_state { ...@@ -100,10 +103,10 @@ typedef struct internal_state {
Bytef *pending_buf; /* output still pending */ Bytef *pending_buf; /* output still pending */
ulg pending_buf_size; /* size of pending_buf */ ulg pending_buf_size; /* size of pending_buf */
Bytef *pending_out; /* next pending byte to output to the stream */ Bytef *pending_out; /* next pending byte to output to the stream */
uInt pending; /* nb of bytes in the pending buffer */ ulg pending; /* nb of bytes in the pending buffer */
int wrap; /* bit 0 true for zlib, bit 1 true for gzip */ int wrap; /* bit 0 true for zlib, bit 1 true for gzip */
gz_headerp gzhead; /* gzip header information to write */ gz_headerp gzhead; /* gzip header information to write */
uInt gzindex; /* where in extra, name, or comment */ ulg gzindex; /* where in extra, name, or comment */
Byte method; /* can only be DEFLATED */ Byte method; /* can only be DEFLATED */
int last_flush; /* value of flush param for previous deflate call */ int last_flush; /* value of flush param for previous deflate call */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册