From c40965039b41d17835015d106a87ab169bd8dcf7 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 15 Jul 2025 18:23:47 +0000
Subject: [PATCH] Check length of format option before accessing

---
 nse_zlib.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nse_zlib.cc b/nse_zlib.cc
index 32a88b9c6..7641fc2bf 100644
--- a/nse_zlib.cc
+++ b/nse_zlib.cc
@@ -564,7 +564,10 @@ static int lzstream_decompress(lua_State *L) {
                 success = (l == 0) ? lz_test_eof(L, s) : lz_read_chars(L, s, l);
             }
             else {
-                const char *p = lua_tostring(L, n);
+                size_t l;
+                const char *p = lua_tolstring(L, n, &l);
+                if (l < 2)
+                    return luaL_argerror(L, n, "invalid format");
                 luaL_argcheck(L, p && p[0] == '*', n, "invalid option");
                 switch (p[1]) {
                     case 'l':  /* line */