From ea7bdf02b810d567cb72d0364dca55844cd4e530 Mon Sep 17 00:00:00 2001
From: Idan Horowitz <idan.horowitz@gmail.com>
Date: Wed, 17 Mar 2021 18:07:27 +0200
Subject: [PATCH] LibCompress: fail gracefuly on invalid symbols in
 DeflateDecompressor

---
 Userland/Libraries/LibCompress/Deflate.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibCompress/Deflate.cpp b/Userland/Libraries/LibCompress/Deflate.cpp
index c45839507b..89bd36b0e4 100644
--- a/Userland/Libraries/LibCompress/Deflate.cpp
+++ b/Userland/Libraries/LibCompress/Deflate.cpp
@@ -150,7 +150,7 @@ bool DeflateDecompressor::CompressedBlock::try_read_more()
 
     const auto symbol = m_literal_codes.read_symbol(m_decompressor.m_input_stream);
 
-    if (symbol == UINT32_MAX) {
+    if (symbol >= 286) { // invalid deflate literal/length symbol
         m_decompressor.set_fatal_error();
         return false;
     }
@@ -169,7 +169,7 @@ bool DeflateDecompressor::CompressedBlock::try_read_more()
 
         const auto length = m_decompressor.decode_length(symbol);
         const auto distance_symbol = m_distance_codes.value().read_symbol(m_decompressor.m_input_stream);
-        if (distance_symbol == UINT32_MAX) {
+        if (distance_symbol >= 30) { // invalid deflate distance symbol
             m_decompressor.set_fatal_error();
             return false;
         }