Poor handling of truncated streams #27
Comments
|
The caller can detect truncated streams if it knows how many bytes it expects (gzip, PNG, etc.). |
|
There is a flag in the deflate block header that tells if it's the last block, so if the stream ends without hitting and ending a block with that flag, it's likely truncated. This should be pretty easy to check for. |
|
Ahh, so there's both an end of block marker and that bit. Yeah then we could have a method, e.g. |
|
Ah, I wasn't aware that callers generally knew how many bytes to expect. In that case, this probably doesn't matter much. I just noticed it because of the test to check for missing CRC. An Should Similarly, should |
Currently
InflateStream::updatenearly always returnsOkfor truncated streams, and this flows through to the higher level APIs. There should be some way to determine that more data is still expected, but I don't see how the current API allows for this. The documentation says to callInflateStream::updateuntil it returns 0 bytes, but none of the current callers do this, and I don't see how it can work. In general, the last call that passes some input data toInflateStream::updatewill make progress, and then there is no further input data to pass, so the caller will never get 0 bytes returned.The one exception that I can see was introduced in #24, and that only occurs if there are less than 4 bytes currently available when in state
CheckCRC. Actually, this check is wrong, because the CRC may be split over twoupdatecalls.The text was updated successfully, but these errors were encountered: