Hi,
>>>>> The check in explode.c seems correct since it doesn't have this cast.
>>
>> I didn't say about cast.
>
> But I did...

Yes, I know. No problem.

>> Your diff looks only the fix of inflate.c.
>> Does explode.c not replace with memmove()? That's my question.
>
> You're right. It actually does need it. The types involved are unsigned
> in both files (the cast made me think they weren't) so the overlap check
> is incorrect in both. Wonderful.
>
> What worries me a bit is that the NOMEMCPY path uses this:
>
> do {
>     redirSlide[w++] = redirSlide[d++];
> } while (--e);
>
> which isn't handling overlaps the way memmove does if w > d but w - d < e.

Currently I recognized that the patch will be
- do not use NOMEMCPY
- replace memcpy() with memmove() within #ifndef NOMEMCPY --- #endif,
  in both inflate.c and explode.c
- suitable cast (or remove?) required

I thought to simply replace memcpy() with memmove(), and I didn't consider
the cast. unzip is highly complicated code so I have no idea how to fix it,
sorry.

Regards,
--
postscript (to deraadt@)
I like current memcpy(), calling abort() when src/dst area overlapped.
This helps writing my code correctly. Thanks so much.
--
SASANO Takayoshi (JG1UAA) <[email protected]>
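
The overlap behaviour discussed in this message, as an added example that is not part of the original mail and not unzip's code: it compares a forward byte loop of the quoted shape with memmove() on a constructed 16-byte window, and shows how an overlap test written with unsigned subtraction goes wrong. The function names and the `naive_no_overlap` check are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Forward byte loop, same shape as the NOMEMCPY loop quoted above.
 * Requires e >= 1, like the original do/while. */
static void forward_copy(unsigned char *slide, unsigned w, unsigned d, unsigned e)
{
    do {
        slide[w++] = slide[d++];
    } while (--e);
}

/* Constructed check (not unzip's): unsigned subtraction wraps when w < d,
 * so for small e this reports "no overlap" however close w and d are. */
static int naive_no_overlap(unsigned w, unsigned d, unsigned e)
{
    return w - d >= e;
}

/* Overlap test that never subtracts the larger value from the smaller. */
static int regions_overlap(unsigned w, unsigned d, unsigned e)
{
    unsigned dist = (w > d) ? w - d : d - w;
    return dist < e;
}

/* 1 if the forward loop and memmove() leave identical 16-byte windows. */
static int copies_agree(unsigned w, unsigned d, unsigned e)
{
    unsigned char a[16], b[16];
    unsigned i;

    for (i = 0; i < sizeof a; i++)
        a[i] = b[i] = (unsigned char)('A' + i);   /* constructed sample data */
    forward_copy(a, w, d, e);
    memmove(b + w, b + d, e);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    printf("w=2 d=0 e=6 agree=%d\n", copies_agree(2, 0, 6));
    printf("w=0 d=2 e=6 agree=%d\n", copies_agree(0, 2, 6));
    printf("w=0 d=2 e=6 naive_no_overlap=%d overlap=%d\n",
           naive_no_overlap(0, 2, 6), regions_overlap(0, 2, 6));
    return 0;
}
```

With w > d and w - d < e the forward loop re-reads bytes it has just written and repeats the first w - d bytes, while memmove() copies the original source bytes, so the two are not interchangeable in that case.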