Per-message deflate causes bad_alloc on message length of 0

Question

Per-message deflate causes bad_alloc on message length of 0

cake4289 opened this issue 5 years ago · comments

The return code of ::deflate is not checked - it returns Z_BUF_ERROR when:

It has already processed data before; and
It is passed a buffer with a length of zero

This happens when sending a message (other than the first message) over a websocket with a size of 0.

Then, resizing the output vector to size() - 4, which is a huge number as size() is zero, throws a bad_alloc exception.

I believe following RFC 7692 7.2.1 to the letter would fix this:

   2.  If the resulting data does not end with an empty DEFLATE block
       with no compression (the "BTYPE" bits are set to 00), append an
       empty DEFLATE block with no compression to the tail end.

Doug Hoyte · Answer 1 · Sat Aug 03 2019 00:10:02 GMT+0800 (China Standard Time)

@cake4289 - Thanks for the bug report! Is it possible for you to send a pull request?

offa · Answer 2 · Mon Aug 05 2019 18:02:46 GMT+0800 (China Standard Time)

Thanks @cake4289 for providing a fix that fast! 👍

Doug Hoyte · Answer 3 · Mon Aug 05 2019 20:54:18 GMT+0800 (China Standard Time)

@cake4289 - Great, thanks!