programs/gunzip: allocate at least one byte for decompressed data

libdeflate's 'gunzip' program fails if the uncompressed file size is a nonzero multiple of 4 GiB because then the ISIZE field in the gzip file is 0, so gunzip allocates no space for the decompressed data. Then when libdeflate returns LIBDEFLATE_INSUFFICIENT_SPACE, gunzip doubles the buffer size which stays 0, causing it to report "file corrupt or too large to be processed by this program". While neither libdeflate nor its 'gunzip' program is designed for single gzip streams this large anyway, this particular bug can easily be fixed by always allocating at least one byte for the decompressed data.
2025-08-04 02:06:31 -04:00 · 2019-05-21 21:13:59 -07:00 · 2019-05-21 21:13:59 -07:00 · e90463fb04
commit e90463fb04
parent bc40841abf
1 changed files with 9 additions and 0 deletions
--- a/programs/gzip.c
+++ b/programs/gzip.c
@ -200,7 +200,16 @@ do_decompress(struct libdeflate_decompressor *decompressor,
 	       goto out;
 	}

+	/*
+	 * Use the ISIZE field as a hint for the decompressed data size.  It may
+	 * need to be increased later, however, because the file may contain
+	 * multiple gzip members and the particular ISIZE we happen to use may
+	 * not be the largest; or the real size may be >= 4 GiB, causing ISIZE
+	 * to overflow.  In any case, make sure to allocate at least one byte.
+	 */
 	uncompressed_size = load_u32_gzip(&compressed_data[compressed_size - 4]);
+	if (uncompressed_size == 0)
+		uncompressed_size = 1;

 	do {
 		if (uncompressed_data == NULL) {