forked from enlightenment/efl
lz4: fix another security issue on ARM 32bits.
This commit is contained in:
parent
c037b3e80a
commit
4f45be13cf
|
@ -922,7 +922,9 @@ FORCE_INLINE int LZ4_decompress_generic(
|
||||||
length += s;
|
length += s;
|
||||||
}
|
}
|
||||||
while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255));
|
while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255));
|
||||||
if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
|
//if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
|
||||||
|
if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */
|
||||||
|
if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* copy literals */
|
/* copy literals */
|
||||||
|
@ -957,11 +959,12 @@ FORCE_INLINE int LZ4_decompress_generic(
|
||||||
unsigned s;
|
unsigned s;
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
if (endOnInput && (ip > iend-LASTLITERALS)) goto _output_error;
|
if ((endOnInput) && (ip > iend-LASTLITERALS)) goto _output_error;
|
||||||
s = *ip++;
|
s = *ip++;
|
||||||
length += s;
|
length += s;
|
||||||
} while (s==255);
|
} while (s==255);
|
||||||
if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
|
//if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
|
||||||
|
if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check external dictionary */
|
/* check external dictionary */
|
||||||
|
@ -983,9 +986,9 @@ FORCE_INLINE int LZ4_decompress_generic(
|
||||||
copySize = length+MINMATCH - copySize;
|
copySize = length+MINMATCH - copySize;
|
||||||
if (copySize > (size_t)((char*)op-dest)) /* overlap */
|
if (copySize > (size_t)((char*)op-dest)) /* overlap */
|
||||||
{
|
{
|
||||||
BYTE* const cpy2 = op + copySize;
|
BYTE* const cpy = op + copySize;
|
||||||
const BYTE* ref2 = (BYTE*)dest;
|
const BYTE* ref = (BYTE*)dest;
|
||||||
while (op < cpy2) *op++ = *ref2++;
|
while (op < cpy) *op++ = *ref++;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue