| commit | cd0b6ba1f9cc9d63340dbd0c04941cef92d28154 | [log] [tgz] |
|---|---|---|
| author | Mark Adler <madler@alumni.caltech.edu> | Mon Nov 02 16:47:07 2020 +0800 |
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | Tue Jan 12 20:38:38 2021 -0800 |
| tree | 1924669a00a0f7f67ea3d94d8cef8d450f37990c | |
| parent | 1955f28d167171a944d55a97c3fd69bab24e0aa1 [diff] |
Use post-increment only in inffast.c. An old inffast.c optimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. Per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this "optimization" was removed, in order to avoid the possibility of undefined behavior. Upstream-Status: Backport http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb CVE: CVE-2016-9841 Change-Id: Iee8db9101a1b160d73451b5ce5d86195d3ed15d6 Signed-off-by: George McCollister <george.mccollister@gmail.com>