bug 1146
Denis Vlasenko
vda.linux at googlemail.com
Wed Jan 10 12:34:49 PST 2007
Hi Eric,
Thanks for reporting this bug.
(http://busybox.net/bugs/view.php?id=1146)
First, can you send me a testcase (a .gz which bbox doesn't gunzip ok)?
I would like to understand how come static-izing n and d
can change anything. Someone on bug page says it "fixes"
gzip. Let's see.
Current svn ("buggy", but I failed to reproduce):
} else { /* it's an EOB or a length */
/* length and index for copy */
unsigned n = n; /* for gcc */
unsigned d = d; /* for gcc */
/* exit if end of block */
if (e == 15) {
break;
}
/* get length of block to copy */
bb = fill_bitbuffer(PASS_STATE bb, &k, e);
n is assigned ====> n = t->v.n + ((unsigned) bb & mask_bits[e]);
bb >>= e;
k -= e;
/* decode distance of block to copy */
bb = fill_bitbuffer(PASS_STATE bb, &k, bd);
t = td + ((unsigned) bb & md);
e = t->e;
if (e > 16)
do {
if (e == 99)
bb_error_msg_and_die("inflate_codes error 2");
bb >>= t->b;
k -= t->b;
e -= 16;
bb = fill_bitbuffer(PASS_STATE bb, &k, e);
t = t->v.t + ((unsigned) bb & mask_bits[e]);
e = t->e;
} while (e > 16);
bb >>= t->b;
k -= t->b;
bb = fill_bitbuffer(PASS_STATE bb, &k, e);
d is assigned ====> d = w - t->v.n - ((unsigned) bb & mask_bits[e]);
bb >>= e;
k -= e;
/* do the copy */
do_copy:
do {
/* Was: n -= (e = (e = GUNZIP_WSIZE - ((d &= GUNZIP_WSIZE - 1) > w ? d : w)) > n ? n : e); */
/* Who wrote THAT?? rewritten as: */
d &= GUNZIP_WSIZE - 1;
e = GUNZIP_WSIZE - (d > w ? d : w);
....
do you see WHERE n or d are used before assignment? I do not.
--
vda
More information about the busybox
mailing list