fix buffer over-read in sinfl.h

src/third_party/sinfl/sinfl.h

@@ -126,6 +126,7 @@ extern "C" {
 
 struct sinfl {
   const unsigned char *bitptr;
+  const unsigned char *bitend;
   unsigned long long bitbuf;
   int bitcnt;
 
@@ -215,9 +216,22 @@ sinfl_copy128(unsigned char **dst, unsigned char **src) {
 #endif
 static void
 sinfl_refill(struct sinfl *s) {
-  s->bitbuf |= sinfl_read64(s->bitptr) << s->bitcnt;
-  s->bitptr += (63 - s->bitcnt) >> 3;
-  s->bitcnt |= 56; /* bitcount in range [56,63] */
+  if (s->bitend - s->bitptr >= 8) {
+    // @raysan5: original code, only those 3 lines
+    s->bitbuf |= sinfl_read64(s->bitptr) << s->bitcnt;
+    s->bitptr += (63 - s->bitcnt) >> 3;
+    s->bitcnt |= 56; /* bitcount in range [56,63] */
+  } else {
+    // @raysan5: added this case when bits remaining < 8
+    int bitswant = 63 - s->bitcnt;
+    int byteswant = bitswant >> 3;
+    int bytesuse = s->bitend - s->bitptr <= byteswant ? (int)(s->bitend - s->bitptr) : byteswant;
+    unsigned long long n = 0;
+    memcpy(&n, s->bitptr, bytesuse);
+    s->bitbuf |= n << s->bitcnt;
+    s->bitptr += bytesuse;
+    s->bitcnt += bytesuse << 3;
+  }
 }
 static int
 sinfl_peek(struct sinfl *s, int cnt) {
@@ -389,6 +403,7 @@ sinfl_decompress(unsigned char *out, size_t cap, const unsigned char *in, size_t
   int last = 0;
 
   s.bitptr = in;
+  s.bitend = e;
   while (1) {
     switch (state) {
     case hdr: {