diff --git a/src/bin/lz4/lz4.c b/src/bin/lz4/lz4.c index 824f5518..482a8ede 100644 --- a/src/bin/lz4/lz4.c +++ b/src/bin/lz4/lz4.c @@ -922,7 +922,9 @@ FORCE_INLINE int LZ4_decompress_generic( length += s; } while (likely((endOnInput)?ipLZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */ + //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */ + if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */ + if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */ } /* copy literals */ @@ -957,11 +959,12 @@ FORCE_INLINE int LZ4_decompress_generic( unsigned s; do { - if (endOnInput && (ip > iend-LASTLITERALS)) goto _output_error; + if ((endOnInput) && (ip > iend-LASTLITERALS)) goto _output_error; s = *ip++; length += s; } while (s==255); - if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */ + //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */ + if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */ } /* check external dictionary */ @@ -983,9 +986,9 @@ FORCE_INLINE int LZ4_decompress_generic( copySize = length+MINMATCH - copySize; if (copySize > (size_t)((char*)op-dest)) /* overlap */ { - BYTE* const cpy2 = op + copySize; - const BYTE* ref2 = (BYTE*)dest; - while (op < cpy2) *op++ = *ref2++; + BYTE* const cpy = op + copySize; + const BYTE* ref = (BYTE*)dest; + while (op < cpy) *op++ = *ref++; } else {