From 3616bf804b1e7b9be5e2769b1e4a7d74d575b13c Mon Sep 17 00:00:00 2001
From: Martin <martin@urbackup.org>
Date: Mon, 18 Jun 2018 22:17:43 +0200
Subject: [PATCH] Fix heap overflow to user buffer in tinfl_status
 tinfl_decompress

---
 miniz_tinfl.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/miniz_tinfl.c b/miniz_tinfl.c
index 7ab36df..1dfbe70 100644
--- a/miniz_tinfl.c
+++ b/miniz_tinfl.c
@@ -540,18 +540,19 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
                     }
                 }
 #endif
-                do
+                while(counter>2)
                 {
                     pOut_buf_cur[0] = pSrc[0];
                     pOut_buf_cur[1] = pSrc[1];
                     pOut_buf_cur[2] = pSrc[2];
                     pOut_buf_cur += 3;
                     pSrc += 3;
-                } while ((int)(counter -= 3) > 2);
-                if ((int)counter > 0)
+					counter -= 3;
+                }
+                if (counter > 0)
                 {
                     pOut_buf_cur[0] = pSrc[0];
-                    if ((int)counter > 1)
+                    if (counter > 1)
                         pOut_buf_cur[1] = pSrc[1];
                     pOut_buf_cur += counter;
                 }