| commit | 882a88b0f7951c4ad511899d9cf8cc3b7e5d37b0 | [log] [tgz] |
|---|---|---|
| author | Mark Adler <madler@alumni.caltech.edu> | Mon Nov 02 16:44:53 2020 +0800 |
| committer | Lijuan Gao <lijuang@codeaurora.org> | Mon Nov 02 17:32:25 2020 +0800 |
| tree | 910b6d4e07b20d751d6db12cc08f940f04f7f28f | |
| parent | b98e37cf80b6a83024524201c8efe1307d50085a [diff] |
Remove offset pointer optimization in inftrees.c. inftrees.c was subtracting an offset from a pointer to an array, in order to provide a pointer that allowed indexing starting at the offset. This is not compliant with the C standard, for which the behavior of a pointer decremented before its allocated memory is undefined. Per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this tiny optimization was removed, in order to avoid the possibility of undefined behavior. Upstream-Status: Backport http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 CVE: CVE-2016-9840 Change-Id: I76d280f448f1bb5ab3e7de3a3e93793d6880698a Signed-off-by: George McCollister <george.mccollister@gmail.com>