github
/
aria2
mirror of https://github.com/aria2/aria2
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix undefined behavior/crash in GZipEncoder 

When the output buffer is full, outbuf[produced] references past the buffer end, leading to UB and a possible assertion failure.
Fixes #1968, #1964
pull/1970/head
Nikita Ofitserov 2022-08-24 17:28:04 +03:00 committed by GitHub
parent 05f3c47988
commit 42038422f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/GZipEncoder.cc
View File

@ -87,7 +87,7 @@ std::string GZipEncoder::encode(const unsigned char* in, size_t length,
throw DL_ABORT_EX(fmt("libz::deflate() failed. cause:%s", strm_->msg)); throw DL_ABORT_EX(fmt("libz::deflate() failed. cause:%s", strm_->msg));
} }
size_t produced = outbuf.size() - strm_->avail_out; size_t produced = outbuf.size() - strm_->avail_out;
out.append(&outbuf[0], &outbuf[produced]); out.append(outbuf.data(), outbuf.data() + produced);
if (strm_->avail_out > 0) { if (strm_->avail_out > 0) {
break; break;
} }