From 74c503916809876165e527bd2996c78df77bc761 Mon Sep 17 00:00:00 2001 From: Jeroen van Rijn Date: Wed, 1 Apr 2026 18:41:39 +0200 Subject: [PATCH 1/3] Revert "Fix #6424" This reverts commit 66be1a799b281d7a733b6fb6b625452b3c69ecc1. --- core/compress/common.odin | 2 ++ core/compress/zlib/zlib.odin | 18 +++++++++--------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/core/compress/common.odin b/core/compress/common.odin index 07ea7b71c..d78aec328 100644 --- a/core/compress/common.odin +++ b/core/compress/common.odin @@ -368,6 +368,8 @@ refill_lsb_from_memory :: #force_inline proc(z: ^Context_Memory_Input, width := if len(z.input_data) != 0 { b = u64(z.input_data[0]) z.input_data = z.input_data[1:] + } else { + b = 0 } z.code_buffer |= b << u8(z.num_bits) diff --git a/core/compress/zlib/zlib.odin b/core/compress/zlib/zlib.odin index 72664846e..e484a4958 100644 --- a/core/compress/zlib/zlib.odin +++ b/core/compress/zlib/zlib.odin @@ -326,7 +326,7 @@ decode_huffman :: proc(z: ^$C, t: ^Huffman_Table) -> (r: u16, err: Error) #no_bo return 0, .Code_Buffer_Malformed } compress.refill_lsb(z) - if z.code_buffer == 0 { + if z.num_bits > 63 { return 0, .Stream_Too_Short } } @@ -491,7 +491,7 @@ inflate_raw :: proc(z: ^$C, expected_output_size := -1, allocator := context.all */ expected_output_size = max(max(expected_output_size, compress.COMPRESS_OUTPUT_ALLOCATE_MIN), 512) - // fmt.printfln("ZLIB: Expected Payload Size: %v", expected_output_size) + // fmt.printf("\nZLIB: Expected Payload Size: %v\n\n", expected_output_size); if expected_output_size > 0 && expected_output_size <= compress.COMPRESS_OUTPUT_ALLOCATE_MAX { /* @@ -522,16 +522,11 @@ inflate_raw :: proc(z: ^$C, expected_output_size := -1, allocator := context.all final := u32(0) type := u32(0) - defer if int(z.bytes_written) != len(z.output.buf) { - resize(&z.output.buf, int(z.bytes_written)) - } - for { final = compress.read_bits_lsb(z, 1) type = compress.read_bits_lsb(z, 2) - // fmt.printfln("len(z): %v", len(z.input_data)) - // fmt.printfln("Final: %v | Type: %v", final, type) + // fmt.printf("Final: %v | Type: %v\n", final, type) switch type { case 0: @@ -566,6 +561,7 @@ inflate_raw :: proc(z: ^$C, expected_output_size := -1, allocator := context.all case 3: return .BType_3 case: + // fmt.printf("Err: %v | Final: %v | Type: %v\n", err, final, type) if type == 1 { // Use fixed code lengths. build_huffman(z_repeat, Z_FIXED_LENGTH[:]) or_return @@ -594,6 +590,7 @@ inflate_raw :: proc(z: ^$C, expected_output_size := -1, allocator := context.all for n < ntot { c = decode_huffman(z, codelength_ht) or_return + if c < 0 || c >= 19 { return .Huffman_Bad_Code_Lengths } @@ -638,12 +635,15 @@ inflate_raw :: proc(z: ^$C, expected_output_size := -1, allocator := context.all } parse_huffman_block(z, z_repeat, z_offset) or_return } - if final == 1 { break } } + if int(z.bytes_written) != len(z.output.buf) { + resize(&z.output.buf, int(z.bytes_written)) or_return + } + return nil } From fbf0c06cf47f11ab9e7892916e56fad66008fe6a Mon Sep 17 00:00:00 2001 From: Jeroen van Rijn Date: Wed, 1 Apr 2026 18:58:16 +0200 Subject: [PATCH 2/3] Temporarily revert 6425 fix. --- core/compress/common.odin | 21 ++++++++++++--------- core/compress/zlib/zlib.odin | 3 --- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/core/compress/common.odin b/core/compress/common.odin index d78aec328..fcda3fc20 100644 --- a/core/compress/common.odin +++ b/core/compress/common.odin @@ -360,23 +360,26 @@ refill_lsb_from_memory :: #force_inline proc(z: ^Context_Memory_Input, width := refill := u64(width) b := u64(0) - if z.num_bits > refill { - return - } - for { + if z.num_bits > refill { + break + } + if z.code_buffer == 0 && z.num_bits > 63 { + z.num_bits = 0 + } + if z.code_buffer >= 1 << uint(z.num_bits) { + // Code buffer is malformed. + z.num_bits = max(u64) + return + } if len(z.input_data) != 0 { b = u64(z.input_data[0]) z.input_data = z.input_data[1:] } else { - b = 0 + return } - z.code_buffer |= b << u8(z.num_bits) z.num_bits += 8 - if z.num_bits > refill { - break - } } } diff --git a/core/compress/zlib/zlib.odin b/core/compress/zlib/zlib.odin index e484a4958..efa9cb906 100644 --- a/core/compress/zlib/zlib.odin +++ b/core/compress/zlib/zlib.odin @@ -322,9 +322,6 @@ decode_huffman_slowpath :: proc(z: ^$C, t: ^Huffman_Table) -> (r: u16, err: Erro @(optimization_mode="favor_size") decode_huffman :: proc(z: ^$C, t: ^Huffman_Table) -> (r: u16, err: Error) #no_bounds_check { if z.num_bits < 16 { - if z.num_bits > 63 { - return 0, .Code_Buffer_Malformed - } compress.refill_lsb(z) if z.num_bits > 63 { return 0, .Stream_Too_Short From b52cc450534b01efbee74572d5235dcff212e9bc Mon Sep 17 00:00:00 2001 From: Stefan Stefanov Date: Wed, 1 Apr 2026 23:03:25 +0300 Subject: [PATCH 3/3] core/crypto/aes: Fix src size check Fixed a faulty check that would check the `dst` twice instead of checking the `src` and `dst` input parameters in `encrypt_ecb()` & `decrypt_ecb()`. --- core/crypto/aes/aes_ecb.odin | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/crypto/aes/aes_ecb.odin b/core/crypto/aes/aes_ecb.odin index cac62de5d..9ec1a9a37 100644 --- a/core/crypto/aes/aes_ecb.odin +++ b/core/crypto/aes/aes_ecb.odin @@ -21,7 +21,7 @@ init_ecb :: proc(ctx: ^Context_ECB, key: []byte, impl := DEFAULT_IMPLEMENTATION) encrypt_ecb :: proc(ctx: ^Context_ECB, dst, src: []byte) { ensure(ctx._is_initialized) ensure(len(dst) == BLOCK_SIZE, "crypto/aes: invalid dst size") - ensure(len(dst) == BLOCK_SIZE, "crypto/aes: invalid src size") + ensure(len(src) == BLOCK_SIZE, "crypto/aes: invalid src size") switch &impl in ctx._impl { case ct64.Context: @@ -35,7 +35,7 @@ encrypt_ecb :: proc(ctx: ^Context_ECB, dst, src: []byte) { decrypt_ecb :: proc(ctx: ^Context_ECB, dst, src: []byte) { ensure(ctx._is_initialized) ensure(len(dst) == BLOCK_SIZE, "crypto/aes: invalid dst size") - ensure(len(dst) == BLOCK_SIZE, "crypto/aes: invalid src size") + ensure(len(src) == BLOCK_SIZE, "crypto/aes: invalid src size") switch &impl in ctx._impl { case ct64.Context: