krak/zstd
1
0
Fork 0
mirror of https://github.com/facebook/zstd.git synced 2025-10-31 08:37:43 +02:00
Code Issues Releases 1 Activity

Fix Buffer Overflow in Legacy (v0.3) Raw Literals Decompression

Browse Source
This commit is contained in:
W. Felix Handte
2019-08-15 14:24:45 -04:00
parent 87e31223e8
commit a42bbb4e05
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/legacy/zstd_v03.c
View File

@@ -2530,6 +2530,7 @@ static size_t ZSTD_decodeLiteralsBlock(void* ctx,
const size_t litSize = (MEM_readLE32(istart) & 0xFFFFFF) >> 2; /* no buffer issue : srcSize >= MIN_CBLOCK_SIZE */ const size_t litSize = (MEM_readLE32(istart) & 0xFFFFFF) >> 2; /* no buffer issue : srcSize >= MIN_CBLOCK_SIZE */
if (litSize > srcSize-11) /* risk of reading too far with wildcopy */ if (litSize > srcSize-11) /* risk of reading too far with wildcopy */
{ {
if (litSize > BLOCKSIZE) return ERROR(corruption_detected);
if (litSize > srcSize-3) return ERROR(corruption_detected); if (litSize > srcSize-3) return ERROR(corruption_detected);
memcpy(dctx->litBuffer, istart, litSize); memcpy(dctx->litBuffer, istart, litSize);
dctx->litPtr = dctx->litBuffer; dctx->litPtr = dctx->litBuffer;