zlib, *BO*: fixes possible segfault (or buffer overrun), for instance if limit (max 65K) is set larger as allocated buffer for inflate-input (default 4K)

author: sebres <sebres@users.sourceforge.net> 2020-04-16 12:55:47 (GMT)
committer: sebres <sebres@users.sourceforge.net> 2020-04-16 12:55:47 (GMT)
commit: a0c779ad224a47f5fe74dd94960022dfbd2b7aa4 (patch)
tree: ff398d191900929c8ab1f0312a633176e3c3b31c
parent: ac1ec8201ea21124d381f218fcaf009deb6e653c (diff)
download: tcl-a0c779ad224a47f5fe74dd94960022dfbd2b7aa4.zip
tcl-a0c779ad224a47f5fe74dd94960022dfbd2b7aa4.tar.gz
tcl-a0c779ad224a47f5fe74dd94960022dfbd2b7aa4.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/generic/tclZlib.c b/generic/tclZlib.c
index 002c6ae..ed29ff9 100644
--- a/generic/tclZlib.c
+++ b/generic/tclZlib.c
@@ -3027,7 +3027,9 @@ ZlibTransformInput(
 	 * reading over the border.
 	 */
 
-	readBytes = Tcl_ReadRaw(cd->parent, cd->inBuffer, cd->readAheadLimit);
+	readBytes = Tcl_ReadRaw(cd->parent, cd->inBuffer, 
+		cd->readAheadLimit <= cd->inAllocated ?
+		cd->readAheadLimit  : cd->inAllocated);
 
 	/*
 	 * Three cases here:
author	sebres <sebres@users.sourceforge.net>	2020-04-16 12:55:47 (GMT)
committer	sebres <sebres@users.sourceforge.net>	2020-04-16 12:55:47 (GMT)
commit	a0c779ad224a47f5fe74dd94960022dfbd2b7aa4 (patch)
tree	ff398d191900929c8ab1f0312a633176e3c3b31c
parent	ac1ec8201ea21124d381f218fcaf009deb6e653c (diff)
download	tcl-a0c779ad224a47f5fe74dd94960022dfbd2b7aa4.zip tcl-a0c779ad224a47f5fe74dd94960022dfbd2b7aa4.tar.gz tcl-a0c779ad224a47f5fe74dd94960022dfbd2b7aa4.tar.bz2