aepko/Ardupilot2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AP_ROMFS: fixed range check in tinflate

Browse Source 
this could cause valid compressed data to fail decompression
This commit is contained in:
Andrew Tridgell 2021-02-23 13:54:49 +11:00
parent b4119aa07b
commit 1c74f14162
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/AP_ROMFS/tinflate.cpp
View File

@ -353,7 +353,7 @@ static int tinf_decode_trees(TINF_DATA *d, TINF_TREE *lt, TINF_TREE *dt)
/* special code length 16-18 are handled here */ /* special code length 16-18 are handled here */
length = tinf_read_bits(d, lbits, lbase); length = tinf_read_bits(d, lbits, lbase);
if (num + length >= hlimit) return TINF_DATA_ERROR; if (num + length > hlimit) return TINF_DATA_ERROR;
for (; length; --length) for (; length; --length)
{ {
lengths[num++] = fill_value; lengths[num++] = fill_value;