Hi,
I made a patch [1] for a bug I reported some time ago [2].
gzinflate() passes the Z_FINISH flag to inflate(). This flag may be used when
the length of the decoded data is known, so that the data is decoded in one
pass.
When gzinflate() does not know the decoded length, it grows the buffer and
tries again while inflate() returns Z_BUF_ERROR.
The problem is that Z_FINISH causes inflate() to also return Z_BUF_ERROR when
the encoded data is truncated or corrupted, which may cause an infinite loop.
The patch removes the use of the Z_FINISH flag so that inflate() returns
usable error codes. This also allows the decoding to continue where inflate
stopped it when the buffer was not large enough for the decoded data.
I made two test cases [3], one I made when I reported the bug, and the other
to test the case where the $length argument is too small, so that the
function is almost entirely covered.
[1] http://arnaud.lb.s3.amazonaws.com/gzinflate-bug42663.patch
[2] http://bugs.php.net/bug.php?id=42663
[3] http://arnaud.lb.s3.amazonaws.com/gzinflate-phpt.tar.bz2
Regards,
Arnaud
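
Added example, not part of the message above and not the patch itself: a sketch of the decode loop the message describes, written against Python's zlib binding as a stand-in for the C code. It inflates a raw deflate stream of unknown length in bounded steps, resumes where the previous step stopped, and fails on truncated input. The names `inflate_raw`, `chunk`, `limit`, `PAYLOAD` and `RAW` are assumptions made for the illustration.

```python
import zlib

# Constructed sample: a raw deflate stream (no zlib/gzip header).
PAYLOAD = b"php gzinflate test data " * 300
_c = zlib.compressobj(9, zlib.DEFLATED, -15)
RAW = _c.compress(PAYLOAD) + _c.flush()


def inflate_raw(data, chunk=64, limit=1 << 20):
    """Inflate raw deflate data without knowing the decoded length.

    Each step asks for at most `chunk` more bytes and continues from the
    point where the previous step stopped, instead of restarting with a
    bigger buffer. The loop ends on end-of-stream, on an error, or when a
    step makes no progress, so it cannot spin forever.
    """
    d = zlib.decompressobj(wbits=-15)  # -15 selects raw deflate
    out = bytearray()
    pending = data
    while not d.eof:
        # Corrupted input raises zlib.error here (a usable error code).
        piece = d.decompress(pending, chunk)
        out += piece
        if len(out) > limit:
            raise ValueError("decoded data exceeds limit")
        pending = d.unconsumed_tail
        if not piece and not pending:
            # Input exhausted, nothing produced, end-of-stream never seen.
            raise ValueError("truncated deflate stream")
    return bytes(out)


if __name__ == "__main__":
    print(len(inflate_raw(RAW)), "bytes decoded")
    try:
        inflate_raw(RAW[: len(RAW) // 2])
    except ValueError as exc:
        print("rejected:", exc)
```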