From 97fd5ccdd86f4c84b128e905c663b2bd7e6397fe Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Wed, 8 Jan 2014 23:21:23 +0100 Subject: [PATCH] [deflate] Fix literal data length calculation Fix incorrect calculation used to determine length of data to be copied within a literal data block, and add a test case to prevent this bug from going undetected in future. Signed-off-by: Michael Brown --- src/crypto/deflate.c | 2 +- src/tests/deflate_test.c | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/crypto/deflate.c b/src/crypto/deflate.c index 1854eff43..91a489961 100644 --- a/src/crypto/deflate.c +++ b/src/crypto/deflate.c @@ -609,7 +609,7 @@ int deflate_inflate ( struct deflate *deflate, /* Calculate available amount of literal data */ in_remaining = ( in->len - in->offset ); len = deflate->remaining; - if ( len < in_remaining ) + if ( len > in_remaining ) len = in_remaining; /* Copy data to output buffer */ diff --git a/src/tests/deflate_test.c b/src/tests/deflate_test.c index 1223492fa..68c1aad96 100644 --- a/src/tests/deflate_test.c +++ b/src/tests/deflate_test.c @@ -78,6 +78,12 @@ DEFLATE ( literal, DEFLATE_RAW, DATA ( 0x01, 0x04, 0x00, 0xfb, 0xff, 0x69, 0x50, 0x58, 0x45 ), DATA ( 0x69, 0x50, 0x58, 0x45 ) ); +/* "iPXE" string, no compression, split into two literals */ +DEFLATE ( split_literal, DEFLATE_RAW, + DATA ( 0x00, 0x02, 0x00, 0xfd, 0xff, 0x69, 0x50, 0x01, 0x02, 0x00, + 0xfd, 0xff, 0x58, 0x45 ), + DATA ( 0x69, 0x50, 0x58, 0x45 ) ); + /* Empty file */ DEFLATE ( empty, DEFLATE_RAW, DATA ( 0x03, 0x00 ), DATA() ); @@ -215,6 +221,7 @@ static void deflate_test_exec ( void ) { /* Test as a single pass */ deflate_ok ( deflate, &empty_literal, NULL ); deflate_ok ( deflate, &literal, NULL ); + deflate_ok ( deflate, &split_literal, NULL ); deflate_ok ( deflate, &empty, NULL ); deflate_ok ( deflate, &hello_world, NULL ); deflate_ok ( deflate, &hello_hello_world, NULL );