Skip to content

Commit

Permalink
miniz: apply CVE-2018-12913 fix from mainstream
Browse files Browse the repository at this point in the history
  • Loading branch information
@sezero
sezero committed Dec 29, 2024
1 parent 9b84fcd commit 49c8da9
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions Quake/miniz.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -651,6 +651,12 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
bit_buf >>= code_len;
num_bits -= code_len;

/* assert(sym2 != 0 && counter != 0); */
if (sym2 == 0 && counter == 0)
{
TINFL_CR_RETURN_FOREVER(40, TINFL_STATUS_FAILED);
}

pOut_buf_cur[0] = (mz_uint8)counter;
if (sym2 & 256)
{
Expand Down

2 comments on commit 49c8da9

@j4reporting
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This commit prevents a successful start. Windows and Linux

ERROR-OUT BEGIN
QUAKE ERROR: Error extracting embedded pack

@sezero
Copy link
Collaborator Author

@sezero sezero commented on 49c8da9 Jan 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dropped a note about it at richgel999/miniz#329

Please sign in to comment.