run_len_dist: validate that dist is not 0. Fixes information disclosure vulnerability in this function. This is not exploitable in practice, because run_len_dist() is not exposes in the public API and is never called with dist=0 from this crate, even given deliberately malformed inputs.

Author: Shnatsel

src/lib.rs

@@ -625,6 +625,9 @@ impl InflateStream {
     fn run_len_dist(&mut self, len: u16, dist: u16) -> Result<Option<u16>, String> {
         debug!("RLE -{}; {} (cap={} len={})", dist, len,
                self.buffer.capacity(), self.buffer.len());
+        if dist < 1 {
+            return Err("invalid run length in stream".to_owned());
+        }
         let buffer_size = self.buffer.capacity() as u16;
         let len = if self.pos < dist {
             // Handle copying from ahead, until we hit the end reading.