zError(errno) crashes with invalid error code - Githubissues

madler / zlib

A massively spiffy yet delicately unobtrusive compression library.

http://zlib.net/

Other

5.55k stars 2.42k forks source link

zError(errno) crashes with invalid error code #889

Closed cyruscyliu closed 8 months ago

cyruscyliu commented 8 months ago

As expected, zError(errno) shall return NULL if errno is not a valid error code. However, there is no check in the current implementation.

https://github.com/madler/zlib/blob/643e17b7498d12ab8d15565662880579692f769d/zutil.c#L131 https://github.com/madler/zlib/blob/643e17b7498d12ab8d15565662880579692f769d/zutil.c#L132 https://github.com/madler/zlib/blob/643e17b7498d12ab8d15565662880579692f769d/zutil.h#L59

A misuse could leak information as zError() might return a manually crafted pointer.

Could you please comment or fix it?

madler commented 8 months ago

Thank you for the report. Though zError() is an undocumented function, and so not part of the zlib application interface, I have nevertheless added a bounds check for it.