From 1c0a0af511effbd75beffa6c5e54fd64d3563860 Mon Sep 17 00:00:00 2001 From: Mikhail Zaslonko Date: Tue, 21 Feb 2023 14:16:17 +0100 Subject: [PATCH] lib/zlib: DFLTCC deflate does not write all available bits for Z_NO_FLUSH DFLTCC deflate with Z_NO_FLUSH might generate a corrupted stream when the output buffer is not large enough to fit all the deflate output at once. The problem takes place on closing the deflate block since flush_pending() might leave some output bits not written. Similar problem for software deflate with Z_BLOCK flush option (not supported by kernel zlib deflate) has been fixed a while ago in userspace zlib but the fix never got to the kernel. Now flush_pending() flushes the bit buffer before copying out the byte buffer, in order to really flush as much as possible. Currently there are no users of DFLTCC deflate with Z_NO_FLUSH option in the kernel so the problem remained hidden for a while. This commit is based on the old zlib commit: https://github.com/madler/zlib/commit/0b828b4 Link: https://lkml.kernel.org/r/20230221131617.3369978-2-zaslonko@linux.ibm.com Signed-off-by: Mikhail Zaslonko Acked-by: Ilya Leoshkevich Cc: Heiko Carstens Cc: Vasily Gorbik Signed-off-by: Andrew Morton --- lib/zlib_deflate/defutil.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/zlib_deflate/defutil.h b/lib/zlib_deflate/defutil.h index 385333b22ec6..4ea40f5a279f 100644 --- a/lib/zlib_deflate/defutil.h +++ b/lib/zlib_deflate/defutil.h @@ -420,9 +420,11 @@ static inline void flush_pending( z_streamp strm ) { + unsigned len; deflate_state *s = (deflate_state *) strm->state; - unsigned len = s->pending; + bi_flush(s); + len = s->pending; if (len > strm->avail_out) len = strm->avail_out; if (len == 0) return;