On 22.11.23 at 14:06, Marc-André Lureau wrote:
> Hi
>
> On Wed, Nov 22, 2023 at 5:00 PM Fiona Ebner <f.eb...@proxmox.com> wrote:
>>
>> Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
>> inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
>> required, because it can happen that stream.avail_in becomes zero
>> before coming across a return value of Z_STREAM_END in the loop.
>
> Isn't this an error from the client side then?
>

In my test just now I get Z_BUF_ERROR twice and after the second one,
stream.avail_in is zero. Maybe if you'd call inflate() again, you'd get
Z_STREAM_END, but no such call is made, because we exit the loop.

Would it be better/more correct to ensure that inflate is called again
in such a scenario?

Best Regards,
Fiona
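An added illustration, not part of the thread and not QEMU code: one way the input can run out before the end-of-stream marker is a stream that was sync-flushed but never finished. The sketch uses Python's zlib bindings rather than QEMU's C; `inflate_buffer` here is a hypothetical Python function, and `MAX_OUT` and the sample payload are assumptions.

```python
import zlib

MAX_OUT = 1 << 20  # assumed cap on inflated size; not a value from the thread


def inflate_buffer(data, max_out=MAX_OUT):
    """Inflate a zlib stream; return (output, saw_stream_end).

    The loop stops on end of stream OR when all input is consumed, and
    raises once the output would exceed max_out, so it always terminates.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while pending and not d.eof:
        # Ask for at most one byte over the budget so overflow is detectable.
        out += d.decompress(pending, max_out + 1 - len(out))
        if len(out) > max_out:
            raise ValueError("inflated data exceeds limit")
        pending = d.unconsumed_tail  # input zlib has not looked at yet
    return bytes(out), d.eof


# Constructed sample input: the same payload, once sync-flushed only
# (all data present, no end-of-stream marker) and once properly finished.
PAYLOAD = b"clipboard text " * 64
_c = zlib.compressobj()
SYNC_FLUSHED = _c.compress(PAYLOAD) + _c.flush(zlib.Z_SYNC_FLUSH)
FINISHED = SYNC_FLUSHED + _c.flush(zlib.Z_FINISH)

if __name__ == "__main__":
    for name, blob in (("sync-flushed", SYNC_FLUSHED), ("finished", FINISHED)):
        data, ended = inflate_buffer(blob)
        print(name, len(data), "bytes, end marker seen:", ended)
```

Returning the end-of-stream flag separately lets the caller decide whether a fully consumed but unfinished stream is acceptable or a client error.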