--- gzip-1.3.9/unlzh.c.4337	2007-01-15 16:31:53.000000000 +0100
+++ gzip-1.3.9/unlzh.c	2007-01-15 16:38:08.000000000 +0100
@@ -154,8 +154,8 @@
     start[1] = 0;
     for (i = 1; i <= 16; i++)
 	start[i + 1] = start[i] + (count[i] << (16 - i));
-    if ((start[17] & 0xffff) != 0)
-      gzip_error ("Bad table\n");
+    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
+      gzip_error ("Bad table (case b)\n"); 
 
     jutbits = 16 - tablebits;
     for (i = 1; i <= (unsigned)tablebits; i++) {
@@ -169,15 +169,15 @@
 
     i = start[tablebits + 1] >> jutbits;
     if (i != 0) {
-	k = 1 << tablebits;
-	while (i != k) table[i++] = 0;
+        k = MIN(1 << tablebits, DIST_BUFSIZE);
+        while (i < k) table[i++] = 0;
     }
 
     avail = nchar;
     mask = (unsigned) 1 << (15 - tablebits);
     for (ch = 0; ch < (unsigned)nchar; ch++) {
 	if ((len = bitlen[ch]) == 0) continue;
-	nextcode = start[len] + weight[len];
+	nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
 	if (len <= (unsigned)tablebits) {
 	    if ((unsigned) 1 << tablebits < nextcode)
 	      gzip_error ("Bad table\n");
@@ -220,7 +220,7 @@
 	for (i = 0; i < 256; i++) pt_table[i] = c;
     } else {
 	i = 0;
-	while (i < n) {
+	while (i < MIN(n,NPT)) {
 	    c = bitbuf >> (BITBUFSIZ - 3);
 	    if (c == 7) {
 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
@@ -232,7 +232,7 @@
 	    pt_len[i++] = c;
 	    if (i == i_special) {
 		c = getbits(2);
-		while (--c >= 0) pt_len[i++] = 0;
+		while (--c >= 0 && i < NPT) pt_len[i++] = 0; 
 	    }
 	}
 	while (i < nn) pt_len[i++] = 0;
@@ -252,7 +252,7 @@
 	for (i = 0; i < 4096; i++) c_table[i] = c;
     } else {
 	i = 0;
-	while (i < n) {
+	while (i < MIN(n,NC)) { 
 	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
 	    if (c >= NT) {
 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
@@ -267,7 +267,7 @@
 		if      (c == 0) c = 1;
 		else if (c == 1) c = getbits(4) + 3;
 		else             c = getbits(CBIT) + 20;
-		while (--c >= 0) c_len[i++] = 0;
+		while (--c >= 0 && i < NC) c_len[i++] = 0; 
 	    } else c_len[i++] = c - 2;
 	}
 	while (i < NC) c_len[i++] = 0;
@@ -360,7 +360,7 @@
     while (--j >= 0) {
 	buffer[r] = buffer[i];
 	i = (i + 1) & (DICSIZ - 1);
-	if (++r == count) return r;
+	if (++r >= count) return r;
     }
     for ( ; ; ) {
 	c = decode_c();
@@ -370,14 +370,14 @@
 	}
 	if (c <= UCHAR_MAX) {
 	    buffer[r] = c;
-	    if (++r == count) return r;
+	    if (++r >= count) return r;
 	} else {
 	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
 	    i = (r - decode_p() - 1) & (DICSIZ - 1);
 	    while (--j >= 0) {
 		buffer[r] = buffer[i];
 		i = (i + 1) & (DICSIZ - 1);
-		if (++r == count) return r;
+		if (++r >= count) return r;
 	    }
 	}
     }
--- gzip-1.3.9/gzip.h.4337	2007-01-15 16:31:53.000000000 +0100
+++ gzip-1.3.9/gzip.h	2007-01-15 16:38:52.000000000 +0100
@@ -224,6 +224,8 @@
 #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
 #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
 
+#define MIN(a,b) ((a) <= (b) ? (a) : (b)) 
+
 /* put_byte is used for the compressed output, put_ubyte for the
  * uncompressed output. However unlzw() uses window for its
  * suffix table instead of its output buffer, so it does not use put_ubyte
--- gzip-1.3.9/unpack.c.4337	2007-01-15 16:31:53.000000000 +0100
+++ gzip-1.3.9/unpack.c	2007-01-15 16:39:12.000000000 +0100
@@ -26,9 +26,6 @@
 #include "gzip.h"
 #include "crypt.h"
 
-#define MIN(a,b) ((a) <= (b) ? (a) : (b))
-/* The arguments must not have side effects. */
-
 #define MAX_BITLEN 25
 /* Maximum length of Huffman codes. (Minor modifications to the code
  * would be needed to support 32 bits codes, but pack never generates