* backport r33023 from trunk.

* ext/zlib/zlib.c (gzfile_read_header): Ensure that each section of gzip header is readable to avoid SEGV. * test/zlib/test_zlib.rb (test_corrupted_header): Test it. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33025 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2011-08-23 06:16:16 +0000
committer: nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2011-08-23 06:16:16 +0000
commit: 91d6e312f57abf0d017cbd78991b1adc15aecae5 (patch)
tree: 9eca255c753e8ba215cfbd6e0f44943f6f27eee7 /ext
parent: c1ba3ce7a1d73b0998bce557179304bfcec95d26 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
index b5a740df96..42c2c75f92 100644
--- a/ext/zlib/zlib.c
+++ b/ext/zlib/zlib.c
@@ -2306,6 +2306,9 @@ gzfile_read_header(struct gzfile *gz)
 	zstream_discard_input(&gz->z, 2 + len);
     }
     if (flags & GZ_FLAG_ORIG_NAME) {
+	if (!gzfile_read_raw_ensure(gz, 1)) {
+	    rb_raise(cGzError, "unexpected end of file");
+	}
 	p = gzfile_read_raw_until_zero(gz, 0);
 	len = p - RSTRING_PTR(gz->z.input);
 	gz->orig_name = rb_str_new(RSTRING_PTR(gz->z.input), len);
@@ -2313,6 +2316,9 @@ gzfile_read_header(struct gzfile *gz)
 	zstream_discard_input(&gz->z, len + 1);
     }
     if (flags & GZ_FLAG_COMMENT) {
+	if (!gzfile_read_raw_ensure(gz, 1)) {
+	    rb_raise(cGzError, "unexpected end of file");
+	}
 	p = gzfile_read_raw_until_zero(gz, 0);
 	len = p - RSTRING_PTR(gz->z.input);
 	gz->comment = rb_str_new(RSTRING_PTR(gz->z.input), len);
author	nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2011-08-23 06:16:16 +0000
committer	nahi <nahi@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2011-08-23 06:16:16 +0000
commit	91d6e312f57abf0d017cbd78991b1adc15aecae5 (patch)
tree	9eca255c753e8ba215cfbd6e0f44943f6f27eee7 /ext
parent	c1ba3ce7a1d73b0998bce557179304bfcec95d26 (diff)