diff options
Diffstat (limited to 'lib/decompress_inflate.c')
| -rw-r--r-- | lib/decompress_inflate.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/lib/decompress_inflate.c b/lib/decompress_inflate.c index fc686c7a0a0..19ff89e34ee 100644 --- a/lib/decompress_inflate.c +++ b/lib/decompress_inflate.c | |||
| @@ -19,7 +19,6 @@ | |||
| 19 | #include "zlib_inflate/inflate.h" | 19 | #include "zlib_inflate/inflate.h" |
| 20 | 20 | ||
| 21 | #include "zlib_inflate/infutil.h" | 21 | #include "zlib_inflate/infutil.h" |
| 22 | #include <linux/slab.h> | ||
| 23 | 22 | ||
| 24 | #endif /* STATIC */ | 23 | #endif /* STATIC */ |
| 25 | 24 | ||
| @@ -27,7 +26,7 @@ | |||
| 27 | 26 | ||
| 28 | #define GZIP_IOBUF_SIZE (16*1024) | 27 | #define GZIP_IOBUF_SIZE (16*1024) |
| 29 | 28 | ||
| 30 | static int nofill(void *buffer, unsigned int len) | 29 | static int INIT nofill(void *buffer, unsigned int len) |
| 31 | { | 30 | { |
| 32 | return -1; | 31 | return -1; |
| 33 | } | 32 | } |
| @@ -38,13 +37,12 @@ STATIC int INIT gunzip(unsigned char *buf, int len, | |||
| 38 | int(*flush)(void*, unsigned int), | 37 | int(*flush)(void*, unsigned int), |
| 39 | unsigned char *out_buf, | 38 | unsigned char *out_buf, |
| 40 | int *pos, | 39 | int *pos, |
| 41 | void(*error_fn)(char *x)) { | 40 | void(*error)(char *x)) { |
| 42 | u8 *zbuf; | 41 | u8 *zbuf; |
| 43 | struct z_stream_s *strm; | 42 | struct z_stream_s *strm; |
| 44 | int rc; | 43 | int rc; |
| 45 | size_t out_len; | 44 | size_t out_len; |
| 46 | 45 | ||
| 47 | set_error_fn(error_fn); | ||
| 48 | rc = -1; | 46 | rc = -1; |
| 49 | if (flush) { | 47 | if (flush) { |
| 50 | out_len = 0x8000; /* 32 K */ | 48 | out_len = 0x8000; /* 32 K */ |
| @@ -100,13 +98,22 @@ STATIC int INIT gunzip(unsigned char *buf, int len, | |||
| 100 | * possible asciz filename) | 98 | * possible asciz filename) |
| 101 | */ | 99 | */ |
| 102 | strm->next_in = zbuf + 10; | 100 | strm->next_in = zbuf + 10; |
| 101 | strm->avail_in = len - 10; | ||
| 103 | /* skip over asciz filename */ | 102 | /* skip over asciz filename */ |
| 104 | if (zbuf[3] & 0x8) { | 103 | if (zbuf[3] & 0x8) { |
| 105 | while (strm->next_in[0]) | 104 | do { |
| 106 | strm->next_in++; | 105 | /* |
| 107 | strm->next_in++; | 106 | * If the filename doesn't fit into the buffer, |
| 107 | * the file is very probably corrupt. Don't try | ||
| 108 | * to read more data. | ||
| 109 | */ | ||
| 110 | if (strm->avail_in == 0) { | ||
| 111 | error("header error"); | ||
| 112 | goto gunzip_5; | ||
| 113 | } | ||
| 114 | --strm->avail_in; | ||
| 115 | } while (*strm->next_in++); | ||
| 108 | } | 116 | } |
| 109 | strm->avail_in = len - (strm->next_in - zbuf); | ||
| 110 | 117 | ||
| 111 | strm->next_out = out_buf; | 118 | strm->next_out = out_buf; |
| 112 | strm->avail_out = out_len; | 119 | strm->avail_out = out_len; |