tor_zlib_process fails when trying to finish with no input or output bytes.
|Reported by:||nickm||Owned by:|
|Severity:||Keywords:||tor-relay, zlib, 025-backport, 026-triaged-0, nickm-patch, 2016-bug-retrospective|
zlib reports Z_BUF_ERROR when it is out of input or out of output. Currently, we handle that with:
case Z_BUF_ERROR: if (state->stream.avail_in == 0) return TOR_ZLIB_OK; return TOR_ZLIB_BUF_FULL;
But that's wrong -- if avail_in is 0, but finish is set, then we are trying to finalize the stream, and we really do have something to write. That test should be state->stream.avail_in == 0 && !finish)
Marking this for 0.2.5 even though I am pretty sure this can never actually happen with the way write_to_buf_zlib works: write_to_buf_zlib ensures that we are never trying to write into a completely empty buffer, and zlib says "Z_OK" if you give it even one byte to write into.
Change History (14)
comment:5 Changed 3 years ago by nickm
- Keywords 025-backport added
- Milestone changed from Tor: 0.2.5.x-final to Tor: 0.2.6.x-final
comment:11 Changed 3 years ago by nickm
- Resolution set to fixed
- Status changed from needs_review to closed