From 532a4f3d60f6981b22beb32e6ff688ec41f87e26 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Tue, 2 Nov 2021 17:54:10 -0400
Subject: Detect recoverable but invalid zlib data streams (fixes #562)

---
 zlib-flate/qtest/missing-z-finish.in |  2 ++
 zlib-flate/qtest/zf.test             |  9 ++++++++-
 zlib-flate/zlib-flate.cc             | 12 +++++++++++-
 3 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 zlib-flate/qtest/missing-z-finish.in

(limited to 'zlib-flate')

diff --git a/zlib-flate/qtest/missing-z-finish.in b/zlib-flate/qtest/missing-z-finish.in
new file mode 100644
index 00000000..848c9c5c
--- /dev/null
+++ b/zlib-flate/qtest/missing-z-finish.in
@@ -0,0 +1,2 @@
+xÚ»Ôâ»ˆQÅ£úÙÑr#UÆ?—0&¹±I%ê¬Õd‘JIY¶Ò’‘y!ã’ä²Ô¢TC=c=ƒä¼ÄÜ%Iiyé¾®‘AžŽ>Éiy%0vRz^–—«£Ÿ‚¨gprz^	˜ká¦ä'eZšëXèY&–4®L*IÏ´0105¶400K*)Éò	0247´´Ð5NÊMLu	rM*N®4202i3614´25·20Ð60’I%E™Ff&†¦ Nrš[£Ÿ³kRr>ÐI™Å)ŽIÉ™
+¡A~V¡aÎžV†VnAVFæ–QžF~®æŽ^ÊçÜcÛONùÿ&è@yí„øe!ÿ>ÈÛù_¾Õó3Õ¥‘cyçjéŒ*²çÍNÝ¸wóâöI7æKÉì¾Qcäµ…q	[³sÉ
\ No newline at end of file
diff --git a/zlib-flate/qtest/zf.test b/zlib-flate/qtest/zf.test
index 2b188eb2..2f89ff54 100644
--- a/zlib-flate/qtest/zf.test
+++ b/zlib-flate/qtest/zf.test
@@ -29,4 +29,11 @@ $td->runtest("error",
 	      $td->EXIT_STATUS => 2},
 	     $td->NORMALIZE_NEWLINES);
 
-$td->report(7);
+$td->runtest("corrupted input",
+	     {$td->COMMAND => "zlib-flate -uncompress < missing-z-finish.in"},
+	     {$td->REGEXP =>
+                  "input stream is complete but output may still be valid",
+                  $td->EXIT_STATUS => 3},
+	     $td->NORMALIZE_NEWLINES);
+
+$td->report(8);
diff --git a/zlib-flate/zlib-flate.cc b/zlib-flate/zlib-flate.cc
index 4d65bcc3..ae0fa4e1 100644
--- a/zlib-flate/zlib-flate.cc
+++ b/zlib-flate/zlib-flate.cc
@@ -76,6 +76,12 @@ int main(int argc, char* argv[])
     PointerHolder<Pl_StdioFile> out = new Pl_StdioFile("stdout", stdout);
     PointerHolder<Pl_Flate> flate =
         new Pl_Flate("flate", out.getPointer(), action);
+    bool warn = false;
+    flate->setWarnCallback([&warn](char const* msg, int code) {
+        warn = true;
+        std::cerr << whoami << ": WARNING: zlib code " << code
+                  << ", msg = " << msg << std::endl;
+    });
 
     try
     {
@@ -97,9 +103,13 @@ int main(int argc, char* argv[])
     }
     catch (std::exception& e)
     {
-	std::cerr << e.what() << std::endl;
+	std::cerr << whoami << ": " << e.what() << std::endl;
 	exit(2);
     }
 
+    if (warn)
+    {
+        exit(3);
+    }
     return 0;
 }
-- 
cgit v1.2.3-54-g00ecf