lz4: fix another security issue on ARM 32.

devs/discomfitor/cc
Cedric BAIL 9 years ago
parent 585345f836
commit e3fbd7f030
  1. 15
      src/bin/lz4/lz4.c

@ -922,7 +922,9 @@ FORCE_INLINE int LZ4_decompress_generic(
length += s;
}
while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255));
if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
//if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */
if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */
}
/* copy literals */
@ -957,11 +959,12 @@ FORCE_INLINE int LZ4_decompress_generic(
unsigned s;
do
{
if (endOnInput && (ip > iend-LASTLITERALS)) goto _output_error;
if ((endOnInput) && (ip > iend-LASTLITERALS)) goto _output_error;
s = *ip++;
length += s;
} while (s==255);
if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
//if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */
}
/* check external dictionary */
@ -983,9 +986,9 @@ FORCE_INLINE int LZ4_decompress_generic(
copySize = length+MINMATCH - copySize;
if (copySize > (size_t)((char*)op-dest)) /* overlap */
{
BYTE* const cpy2 = op + copySize;
const BYTE* ref2 = (BYTE*)dest;
while (op < cpy2) *op++ = *ref2++;
BYTE* const cpy = op + copySize;
const BYTE* ref = (BYTE*)dest;
while (op < cpy) *op++ = *ref++;
}
else
{

Loading…
Cancel
Save