From 5db1a3cd33339bb28e1354b58374bf1c18e15e6e Mon Sep 17 00:00:00 2001
From: mllken
Date: Wed, 12 Oct 2022 19:46:03 +0700
Subject: [PATCH] gzip: add bounds for safer header parsing

---
 lib/std/compress/gzip.zig | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/std/compress/gzip.zig b/lib/std/compress/gzip.zig
index 2377e182c2..8734aec767 100644
--- a/lib/std/compress/gzip.zig
+++ b/lib/std/compress/gzip.zig
@@ -15,6 +15,8 @@ const FEXTRA = 1 << 2;
 const FNAME = 1 << 3;
 const FCOMMENT = 1 << 4;

+const max_string_len = 1024;
+
 pub fn GzipStream(comptime ReaderType: type) type {
 return struct {
 const Self = @This();
@@ -71,7 +73,7 @@ pub fn GzipStream(comptime ReaderType: type) type {
 filename = try source.readUntilDelimiterAlloc(
 allocator,
 0,
- std.math.maxInt(usize),
+ max_string_len,
 );
 }
 errdefer if (filename) |p| allocator.free(p);
@@ -81,7 +83,7 @@ pub fn GzipStream(comptime ReaderType: type) type {
 comment = try source.readUntilDelimiterAlloc(
 allocator,
 0,
- std.math.maxInt(usize),
+ max_string_len,
 );
 }
 errdefer if (comment) |p| allocator.free(p);
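Review bot: `max_string_len` is added without a comment saying what it bounds or why the value is 1024, and the name alone does not tie it to the gzip header. I would put `/// Upper bound, in bytes, on the NUL-terminated FNAME and FCOMMENT header fields; longer fields make header parsing fail.` above the constant. RFC 1952 places no length limit on these fields, so the comment should also say that the figure is an implementation choice to cap allocation driven by untrusted input, not a format rule.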
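Review bot: Once the FNAME read is capped at `max_string_len`, a name longer than that makes `readUntilDelimiterAlloc` fail, and the `try` hands that error (presumably `error.StreamTooLong`) to the caller unchanged, so a well-formed archive with a long name is reported the same way as a reader failure. The FCOMMENT hunk at -81 has the same shape. I would document the new failure mode on the enclosing function, which starts and ends outside these hunks, with a line such as `/// Fails if the FNAME or FCOMMENT field exceeds max_string_len bytes.` A regression test would pin the bound: feed a header with FNAME set and more than 1024 non-zero bytes before the terminator, and expect an error rather than an allocation of that size.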