From e3e985064a6b9d338edc86cf3e807345a26b64af Mon Sep 17 00:00:00 2001
From: nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 23 Aug 2011 02:36:13 +0000
Subject: * ext/zlib/zlib.c (gzfile_read_header): Ensure that each section of  
 gzip header is readable to avoid SEGV.

* test/zlib/test_zlib.rb (test_corrupted_header): Test it.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@33023 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/zlib/zlib.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ext/zlib/zlib.c')

diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
index 08963a923e..a235cbb621 100644
--- a/ext/zlib/zlib.c
+++ b/ext/zlib/zlib.c
@@ -2306,6 +2306,9 @@ gzfile_read_header(struct gzfile *gz)
 	zstream_discard_input(&gz->z, 2 + len);
     }
     if (flags & GZ_FLAG_ORIG_NAME) {
+	if (!gzfile_read_raw_ensure(gz, 1)) {
+	    rb_raise(cGzError, "unexpected end of file");
+	}
 	p = gzfile_read_raw_until_zero(gz, 0);
 	len = p - RSTRING_PTR(gz->z.input);
 	gz->orig_name = rb_str_new(RSTRING_PTR(gz->z.input), len);
@@ -2313,6 +2316,9 @@ gzfile_read_header(struct gzfile *gz)
 	zstream_discard_input(&gz->z, len + 1);
     }
     if (flags & GZ_FLAG_COMMENT) {
+	if (!gzfile_read_raw_ensure(gz, 1)) {
+	    rb_raise(cGzError, "unexpected end of file");
+	}
 	p = gzfile_read_raw_until_zero(gz, 0);
 	len = p - RSTRING_PTR(gz->z.input);
 	gz->comment = rb_str_new(RSTRING_PTR(gz->z.input), len);
-- 
cgit v1.2.3