krak/zstd
1
0
Fork 0
mirror of https://github.com/facebook/zstd.git synced 2025-10-31 08:37:43 +02:00
Code Issues Releases 1 Activity

copy fix for v0.3 to v0.4

Browse Source 
in case it would be applicable for this legacy version too.
This commit is contained in:
Yann Collet
2023-02-06 20:36:37 -08:00
committed by Yann Collet
parent 7eb4471fec
commit b20e4e95f2
2 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/legacy/zstd_v03.c
View File

@@ -2710,7 +2710,7 @@ static size_t ZSTD_execSequence(BYTE* op,
if (seqLength > (size_t)(oend - op)) return ERROR(dstSize_tooSmall); if (seqLength > (size_t)(oend - op)) return ERROR(dstSize_tooSmall);
if (sequence.litLength > (size_t)(litLimit - *litPtr)) return ERROR(corruption_detected); if (sequence.litLength > (size_t)(litLimit - *litPtr)) return ERROR(corruption_detected);
/* Now we know there are no overflow in literal nor match lengths, can use the pointer check */ /* Now we know there are no overflow in literal nor match lengths, can use pointer checks */
if (oLitEnd > oend_8) return ERROR(dstSize_tooSmall); if (oLitEnd > oend_8) return ERROR(dstSize_tooSmall);
if (sequence.offset > (U32)(oLitEnd - base)) return ERROR(corruption_detected); if (sequence.offset > (U32)(oLitEnd - base)) return ERROR(corruption_detected);

15
lib/legacy/zstd_v04.c
View File

@@ -2828,13 +2828,20 @@ static size_t ZSTD_execSequence(BYTE* op,
const BYTE* const litEnd = *litPtr + sequence.litLength; const BYTE* const litEnd = *litPtr + sequence.litLength;
const BYTE* match = oLitEnd - sequence.offset; const BYTE* match = oLitEnd - sequence.offset;
/* check */ /* checks */
if (oLitEnd > oend_8) return ERROR(dstSize_tooSmall); /* last match must start at a minimum distance of 8 from oend */ size_t const seqLength = sequence.litLength + sequence.matchLength;
if (seqLength > (size_t)(oend - op)) return ERROR(dstSize_tooSmall);
if (sequence.litLength > (size_t)(litLimit - *litPtr)) return ERROR(corruption_detected);
/* Now we know there are no overflow in literal nor match lengths, can use pointer checks */
if (oLitEnd > oend_8) return ERROR(dstSize_tooSmall);
if (sequence.offset > (U32)(oLitEnd - base)) return ERROR(corruption_detected);
if (oMatchEnd > oend) return ERROR(dstSize_tooSmall); /* overwrite beyond dst buffer */ if (oMatchEnd > oend) return ERROR(dstSize_tooSmall); /* overwrite beyond dst buffer */
if (litEnd > litLimit) return ERROR(corruption_detected); /* risk read beyond lit buffer */ if (litEnd > litLimit) return ERROR(corruption_detected); /* overRead beyond lit buffer */
/* copy Literals */ /* copy Literals */
ZSTD_wildcopy(op, *litPtr, sequence.litLength); /* note : oLitEnd <= oend-8 : no risk of overwrite beyond oend */ ZSTD_wildcopy(op, *litPtr, (ptrdiff_t)sequence.litLength); /* note : oLitEnd <= oend-8 : no risk of overwrite beyond oend */
op = oLitEnd; op = oLitEnd;
*litPtr = litEnd; /* update for next sequence */ *litPtr = litEnd; /* update for next sequence */