From 5f0ac4a456e8be27562262ebb52cfb137dd48844 Mon Sep 17 00:00:00 2001 From: Matthew Dempsky Date: Mon, 13 Apr 2015 15:31:28 -0700 Subject: [PATCH] compress/flate: reject invalid Huffman encoding sequences When decoding Huffman codes, if an invalid bit sequence is discovered, reject the input instead of treating it as a 0-length code. Fixes #10426. Change-Id: Ie2f1a3a718afd7c6bee73a67480d4b84936c21c9 Reviewed-on: https://go-review.googlesource.com/8893 Run-TryBot: Matthew Dempsky TryBot-Result: Gobot Gobot Reviewed-by: Nigel Tao --- src/compress/flate/flate_test.go | 17 +++++++++++++++++ src/compress/flate/inflate.go | 4 ++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/compress/flate/flate_test.go b/src/compress/flate/flate_test.go index 068766323358e..5483641510b48 100644 --- a/src/compress/flate/flate_test.go +++ b/src/compress/flate/flate_test.go @@ -60,3 +60,20 @@ func TestIssue6255(t *testing.T) { t.Fatalf("Given sequence of bits is bad and should not succeed.") } } + +func TestInvalidEncoding(t *testing.T) { + // Initialize Huffman decoder to recognize "0". + var h huffmanDecoder + if !h.init([]int{1}) { + t.Fatal("Failed to initialize Huffman decoder") + } + + // Initialize decompressor with invalid Huffman coding. + var f decompressor + f.r = bytes.NewReader([]byte{0xff}) + + _, err := f.huffSym(&h) + if err == nil { + t.Fatal("Should have rejected invalid bit sequence") + } +} diff --git a/src/compress/flate/inflate.go b/src/compress/flate/inflate.go index 76519bbf4274f..911d23316bff4 100644 --- a/src/compress/flate/inflate.go +++ b/src/compress/flate/inflate.go @@ -655,12 +655,12 @@ func (f *decompressor) huffSym(h *huffmanDecoder) (int, error) { if n > huffmanChunkBits { chunk = h.links[chunk>>huffmanValueShift][(f.b>>huffmanChunkBits)&h.linkMask] n = uint(chunk & huffmanCountMask) + } + if n <= f.nb { if n == 0 { f.err = CorruptInputError(f.roffset) return 0, f.err } - } - if n <= f.nb { f.b >>= n f.nb -= n return int(chunk >> huffmanValueShift), nil