
fuzz - 12178 - Correction to LZW inflate algorithm where left-shift of a larger value would have been too large for signed long.

Micah Snyder authored on 2019/02/03 08:59:10
Showing 1 changed files
... ...
@@ -94,7 +94,7 @@ typedef struct code_ent {
94 94
 struct lzw_internal_state {
95 95
     /* general state */
96 96
     uint16_t    nbits;      /* # of bits/code */
97
-    long        nextdata;   /* next bits of i/o */
97
+    unsigned long nextdata; /* next bits of i/o */
98 98
     long        nextbits;   /* # of valid bits in lzw_nextdata */
99 99
 
100 100
     /* decoding-specific state */
... ...
@@ -194,7 +194,8 @@ int lzwInflate(lzw_streamp strm)
194 194
     uint8_t *from, *to;
195 195
     unsigned in, out;
196 196
     unsigned have, left;
197
-    long nbits, nextbits, nextdata, nbitsmask;
197
+    long nbits, nextbits, nbitsmask;
198
+    unsigned long nextdata;
198 199
     code_t *codep, *free_entp, *maxcodep, *oldcodep;
199 200
 
200 201
     uint8_t *wp;
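Review bot: `nextdata` is now `unsigned long` in both `struct lzw_internal_state` and `lzwInflate`, but that type is 32 bits on LLP64 Windows and 32-bit builds and 64 bits on LP64, so the number of high bits the left shift discards still depends on the target. The struct already uses `uint16_t`, so a fixed-width type would pin the behaviour down, for example `uint32_t nextdata; /* next bits of i/o; unsigned so << wraps instead of overflowing */` with a matching local declaration, assuming the accumulator never needs more than 32 bits, which these hunks do not show. `nbits`, `nextbits` and `nbitsmask` remain signed `long`, and the shift and mask expressions lie outside the hunks, since the body of `lzwInflate` continues past the last visible line. It is worth confirming there that a shift count derived from `nextbits` can never be negative or reach the type width, because that is undefined for unsigned operands as well. The comment on `nextbits` also still refers to `lzw_nextdata`, which is not the field's name.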