commit 49a5b50b31b8305e63dea5db0cc0de1cb093ff4f Author: Nick Mathewson nickm@torproject.org Date: Tue Apr 25 09:55:38 2017 -0400
zlib: Turn UINT_MAX overrun into an error, not an assert. --- src/common/compress_zlib.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/common/compress_zlib.c b/src/common/compress_zlib.c index d8200d5..7e848d5 100644 --- a/src/common/compress_zlib.c +++ b/src/common/compress_zlib.c @@ -213,8 +213,11 @@ tor_zlib_compress_process(tor_zlib_compress_state_t *state, { int err; tor_assert(state != NULL); - tor_assert(*in_len <= UINT_MAX); - tor_assert(*out_len <= UINT_MAX); + if (*in_len > UINT_MAX || + *out_len > UINT_MAX) { + return TOR_COMPRESS_ERROR; + } + state->stream.next_in = (unsigned char*) *in; state->stream.avail_in = (unsigned int)*in_len; state->stream.next_out = (unsigned char*) *out;