miniz
tinfl hangs with certain invalid input files.
Some input files cause tinfl to build a Huffman tree containing codes of length 0 which it can then encounter in the stream. When it reads one of these codes, tinfl will get stuck writing output until it runs out of buffer or system memory.
Input files (raw DEFLATE): miniz_code_len_0.zip
Reproducible with this test program: https://gist.github.com/AliceLR/e77554141fc6b62af920f4e1c9a3747a
This patch works around this bug, but better is probably possible (does tinfl reject blocks with underspecified trees?):
diff --git a/miniz_tinfl.c b/miniz_tinfl.c
index 027b0d6..6fe2ee8 100644
--- a/miniz_tinfl.c
+++ b/miniz_tinfl.c
@@ -456,6 +456,8 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
counter = sym2;
bit_buf >>= code_len;
num_bits -= code_len;
+ if (!code_len)
+ TINFL_CR_RETURN_FOREVER(100, TINFL_STATUS_FAILED);
if (counter & 256)
break;
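Review bot: the new guard sits after `counter = sym2;` and the two `bit_buf >>= code_len; num_bits -= code_len;` shifts, so it tests the symptom (a zero-length code reached while decoding) on every symbol in the hot loop rather than rejecting the cause. A length of 0 means the symbol is absent from the tree, so the table-building code that accepted this tree is the place to fail the block, which is what the question in the description already points at. If the guard stays here, putting `if (!code_len)` before the two shifts reads more clearly (with a zero length the shifts are no-ops either way), and the state index 100 given to TINFL_CR_RETURN_FOREVER should be checked against the other indices already used in tinfl_decompress.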
@@ -479,6 +481,8 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
}
bit_buf >>= code_len;
num_bits -= code_len;
+ if (!code_len)
+ TINFL_CR_RETURN_FOREVER(101, TINFL_STATUS_FAILED);
pOut_buf_cur[0] = (mz_uint8)counter;
if (sym2 & 256)
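Review bot: this is the same zero-length check duplicated with state index 101, and the report itself notes a third decode path (the TINFL_HUFF_DECODE branch around line 418) that remains unguarded, so the patch as posted still leaves one known way into the hang. Either that path needs the same guard or, preferably, the check moves to a single place: validate the code lengths when the tree is built, so that none of the decode paths has to handle a symbol with length 0.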
The same loop can get stuck following the branch that uses TINFL_HUFF_DECODE at line 418: miniz_code_len_0b.zip
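As an added illustration (not code from miniz or from the reporter), the following is the kind of check a decoder can run on a DEFLATE code-length array before building its tables, so that a block whose tree leaves bit patterns unassigned is rejected up front instead of being caught one symbol at a time; the function name and result codes are my own, and the single-code allowance follows RFC 1951's rule for a lone distance code.

```c
#include <stddef.h>
#include <stdint.h>

/* Outcome of validating one DEFLATE code-length array (RFC 1951, section 3.2.2). */
typedef enum {
    TREE_OK = 0,
    TREE_BAD_LENGTH,     /* a length exceeds the alphabet maximum (15, or 7 for code-length codes) */
    TREE_OVERSUBSCRIBED, /* more codes than the prefix code can hold: decoding is ambiguous */
    TREE_INCOMPLETE,     /* unassigned bit patterns exist: a decoder could hit a code with length 0 */
    TREE_EMPTY           /* every length is 0: nothing can be decoded at all */
} tree_check;

/*
 * Kraft check: walking lengths 1..max_len, the free code space doubles at each
 * step and every code of that length consumes one slot. A complete tree ends
 * with exactly zero free slots. Length 0 means "symbol absent" and consumes no
 * space, so a decoder that emits a length-0 symbol is reading a code that does
 * not exist, which is the condition the report describes.
 *
 * DEFLATE permits one incomplete tree: a single distance code of length 1 (the
 * other 1-bit pattern is then simply invalid). Pass allow_single=1 for that case.
 */
tree_check check_code_lengths(const uint8_t *lens, size_t n,
                              unsigned max_len, int allow_single)
{
    unsigned count[16] = {0};   /* count[len] = number of symbols with that length */
    size_t i, used = 0;
    unsigned len;
    long free_slots = 1;        /* one empty code of length 0 before any bit is read */

    if (max_len == 0 || max_len > 15) return TREE_BAD_LENGTH;

    for (i = 0; i < n; i++) {
        if (lens[i] > max_len) return TREE_BAD_LENGTH;
        if (lens[i]) used++;
        count[lens[i]]++;
    }
    if (used == 0) return TREE_EMPTY;

    for (len = 1; len <= max_len; len++) {
        free_slots = (free_slots << 1) - (long)count[len];
        if (free_slots < 0) return TREE_OVERSUBSCRIBED;
    }
    if (free_slots > 0) {
        if (allow_single && used == 1 && count[1] == 1) return TREE_OK;
        return TREE_INCOMPLETE;
    }
    return TREE_OK;
}
```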