[CVE-2016-9842] Avoid shifts of negative values inflateMark().

The C standard says that bit shifts of negative integers is
undefined.  This casts to unsigned values to assure a known
result.

Change-Id: I217ff9e4407b0627838fc84fd81413098cac0931
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>

diff --git a/compat/zlib/inflate.c b/compat/zlib/inflate.c
index 870f89b..4fd3f3c 100644 (file)
--- a/compat/zlib/inflate.c
+++ b/compat/zlib/inflate.c
@@ -1504,9 +1504,10 @@ z_streamp strm;
 {
     struct inflate_state FAR *state;
 
-    if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
+    if (strm == Z_NULL || strm->state == Z_NULL)
+        return (long)(((unsigned long)0 - 1) << 16);
     state = (struct inflate_state FAR *)strm->state;
-    return ((long)(state->back) << 16) +
+    return (long)(((unsigned long)((long)state->back)) << 16) +
         (state->mode == COPY ? state->length :
             (state->mode == MATCH ? state->was - state->length : 0));
 }