summaryrefslogtreecommitdiff
path: root/src/static_libs
diff options
context:
space:
mode:
authorCedric BAIL <c.bail@partner.samsung.com>2014-07-14 15:59:06 +0200
committerCedric BAIL <c.bail@partner.samsung.com>2014-07-14 15:59:06 +0200
commit4f45be13cf33466f7ba352dc2247c4266e81467f (patch)
treeccded90d50e2c383e7011dc2f98440aa532209af /src/static_libs
parentc037b3e80a95d165abd311395532e86093b9454f (diff)
lz4: fix another security issue on ARM 32bits.
Diffstat (limited to 'src/static_libs')
-rw-r--r--src/static_libs/lz4/lz4.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/static_libs/lz4/lz4.c b/src/static_libs/lz4/lz4.c
index 824f551..482a8ed 100644
--- a/src/static_libs/lz4/lz4.c
+++ b/src/static_libs/lz4/lz4.c
@@ -922,7 +922,9 @@ FORCE_INLINE int LZ4_decompress_generic(
922 length += s; 922 length += s;
923 } 923 }
924 while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255)); 924 while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255));
925 if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */ 925 //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
926 if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */
927 if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */
926 } 928 }
927 929
928 /* copy literals */ 930 /* copy literals */
@@ -957,11 +959,12 @@ FORCE_INLINE int LZ4_decompress_generic(
957 unsigned s; 959 unsigned s;
958 do 960 do
959 { 961 {
960 if (endOnInput && (ip > iend-LASTLITERALS)) goto _output_error; 962 if ((endOnInput) && (ip > iend-LASTLITERALS)) goto _output_error;
961 s = *ip++; 963 s = *ip++;
962 length += s; 964 length += s;
963 } while (s==255); 965 } while (s==255);
964 if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */ 966 //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
967 if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */
965 } 968 }
966 969
967 /* check external dictionary */ 970 /* check external dictionary */
@@ -983,9 +986,9 @@ FORCE_INLINE int LZ4_decompress_generic(
983 copySize = length+MINMATCH - copySize; 986 copySize = length+MINMATCH - copySize;
984 if (copySize > (size_t)((char*)op-dest)) /* overlap */ 987 if (copySize > (size_t)((char*)op-dest)) /* overlap */
985 { 988 {
986 BYTE* const cpy2 = op + copySize; 989 BYTE* const cpy = op + copySize;
987 const BYTE* ref2 = (BYTE*)dest; 990 const BYTE* ref = (BYTE*)dest;
988 while (op < cpy2) *op++ = *ref2++; 991 while (op < cpy) *op++ = *ref++;
989 } 992 }
990 else 993 else
991 { 994 {