commit a9bd296d051d3edccf7eb07517d89eaa47ddb872 from: Stefan Sperling date: Tue Feb 08 10:48:04 2022 UTC fix infinite loop in got-index-pack for pack files >= 4GB in size Because of a missing range check our zlib wrapper would end up calling zlib over and over with zero bytes of input. Problem reported by semarie and naddy. Fixed with help from millert@. ok millert naddy
commit - 1d918cf99eb38998939247bea7f749f199390dc3
commit + a9bd296d051d3edccf7eb07517d89eaa47ddb872
blob - 6a151f9c54a8c0f4fc4fea9a4c91ecc7dec71aed
blob + 3c97a77f77b3da0548ab67dbcb2685723456ee39
--- lib/deflate.c
+++ lib/deflate.c
@@ -153,7 +153,10 @@ got_deflate_read_mmap(struct got_deflate_buf *zb, uint
 size_t last_total_in = z->total_in;
 if (z->avail_in == 0) {
 z->next_in = map + offset + *consumed;
- z->avail_in = len - *consumed;
+ if (len - *consumed > UINT_MAX)
+ z->avail_in = UINT_MAX;
+ else
+ z->avail_in = len - *consumed;
 if (z->avail_in == 0) {
 /* EOF */
 ret = deflate(z, Z_FINISH);
blob - b0426141094227c79e5dd1d6e3cd0e5c2a0b28f0
blob + 83651a59bfd0bb7010ea28f96ca5569af7be698d
--- lib/inflate.c
+++ lib/inflate.c
@@ -249,7 +249,10 @@ got_inflate_read_mmap(struct got_inflate_buf *zb, uint
 break;
 }
 z->next_in = map + offset + *consumed;
- z->avail_in = len - *consumed;
+ if (len - *consumed > UINT_MAX)
+ z->avail_in = UINT_MAX;
+ else
+ z->avail_in = len - *consumed;
 }
 if (zb->csum) {
 csum_in = z->next_in;
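Review bot: The new clamp in got_deflate_read_mmap (lib/deflate.c) relies on `*consumed <= len`, which nothing in the hunk establishes; if `*consumed` ever exceeded `len`, the unsigned subtraction would wrap and the added branch would give zlib UINT_MAX bytes starting at `map + offset + *consumed`, beyond the mapped range. The same holds for the identical lines in got_inflate_read_mmap (lib/inflate.c), where the mapped bytes are pack file data that presumably can originate from a remote peer. Computing the remainder once would state the invariant and drop the repeated expression: `size_t remain = len - *consumed; /* assumes *consumed <= len */` followed by `z->avail_in = remain > UINT_MAX ? UINT_MAX : (uInt)remain;`. Both function bodies begin and end outside the hunks, so a guard may already exist there; UINT_MAX also needs `<limits.h>`, whose inclusion is not visible in this diff.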