krak/zstd
krak/zstd
1
0
Fork 0
mirror of https://github.com/facebook/zstd.git synced 2025-03-06 16:56:49 +02:00
Code Issues Releases 1 Activity

fixed decoder error (32-bits mode, malicious input)

Browse Source
This commit is contained in:
Yann Collet 2015-11-28 17:09:28 +01:00
parent 00fd7a2110
commit ad50c59bb7
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/zstd_decompress.c
View File

@ -785,11 +785,12 @@ size_t ZSTD_decompressContinue(ZSTD_DCtx* ctx, void* dst, size_t maxDstSize, con
if (srcSize != ctx->expected) return ERROR(srcSize_wrong);
if (dst != ctx->previousDstEnd) /* not contiguous */
{
ctx->dictEnd = ctx->previousDstEnd;
if ((dst > ctx->base) && (dst < ctx->previousDstEnd)) /* rolling buffer : new segment right into tracked memory */
if (((char*)dst + maxDstSize > (char*)ctx->base) && (dst < ctx->previousDstEnd)) /* rolling buffer : new segment into dictionary */
ctx->base = (char*)dst + maxDstSize; /* temporary affectation, for vBase calculation */
ctx->vBase = (char*)dst - ((char*)(ctx->dictEnd) - (char*)(ctx->base));
ctx->dictEnd = ctx->previousDstEnd;
ctx->vBase = (char*)dst - ((char*)(ctx->previousDstEnd) - (char*)(ctx->base));
ctx->base = dst;
ctx->previousDstEnd = dst;
}
/* Decompress : frame header; part 1 */
@ -839,7 +840,6 @@ size_t ZSTD_decompressContinue(ZSTD_DCtx* ctx, void* dst, size_t maxDstSize, con
ctx->stage = ZSTDds_decompressBlock;
}
ctx->previousDstEnd = dst;
return 0;
}
case 3: