On Sun, Jan 31, 2010 at 12:35:54PM +0300, Alexander Galanin wrote:
> Hello!
>
> I found that zip_add_data_uncomp can pass an uninitialized value to zlib's
> deflate() function. This problem happens when an empty file is added to the
> archive.
>
> You can reproduce this using the attached test by 'make valgrind'.
>
> The following patch fixes the problem:
>
> --- libzip-0.9.orig/lib/zip_close.c 2010-01-31 12:29:21.000000000 +0300
> +++ libzip-0.9/lib/zip_close.c 2010-01-31 12:29:31.000000000 +0300
> @@ -445,6 +445,7 @@
> zstr.next_out = (Bytef *)b2;
> zstr.avail_out = sizeof(b2);
> zstr.avail_in = 0;
> + zstr.next_in = (Bytef *)b1;
>
> flush = 0;
> end = 0;
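Review bot: the added `zstr.next_in = (Bytef *)b1;` before the loop closes the uninitialized read valgrind reports for an empty file, where fread() never fills b1 and the first deflate() call otherwise sees whatever next_in happened to contain. Because avail_in is 0 at this point the pointer is never dereferenced, so NULL is an equally valid initializer and makes the intent clearer; a one-line comment stating that this is the empty-file case would help the next reader.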
I've set it to NULL instead; since avail_in is 0, it shouldn't read
anything from the pointer anyway... Is valgrind happy now? (it's in
0.9.2)
> @@ -457,7 +458,6 @@
> }
> if (n > 0) {
> zstr.avail_in = n;
> - zstr.next_in = (Bytef *)b1;
> st->size += n;
> st->crc = crc32(st->crc, (Bytef *)b1, n);
> }
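Review bot: the removal of `zstr.next_in = (Bytef *)b1;` inside the `if (n > 0)` block is incorrect: deflate() advances next_in as it consumes input, so after each fread() into b1 the stream must be pointed back at the start of the buffer, otherwise the second and later chunks are read from wherever the previous deflate() call left next_in. Keep this assignment; the pre-loop initialization in the first hunk is all that is needed for the empty-file case.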
This part is wrong. next_in may have been updated by a previous
deflate call, we need to reset it.
Thomas