vtorri
/
efl
forked from enlightenment/efl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lz4: fix another security issue on ARM 32bits.

This commit is contained in:
Cedric BAIL 2014-07-14 15:59:06 +02:00
parent c037b3e80a
commit 4f45be13cf
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/static_libs/lz4/lz4.c
View File

@ -922,7 +922,9 @@ FORCE_INLINE int LZ4_decompress_generic(
length += s; length += s;
} }
while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255)); while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255));
if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */ //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */
if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */
} }
/* copy literals */ /* copy literals */
@ -957,11 +959,12 @@ FORCE_INLINE int LZ4_decompress_generic(
unsigned s; unsigned s;
do do
{ {
if (endOnInput && (ip > iend-LASTLITERALS)) goto _output_error; if ((endOnInput) && (ip > iend-LASTLITERALS)) goto _output_error;
s = *ip++; s = *ip++;
length += s; length += s;
} while (s==255); } while (s==255);
if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */ //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */
} }
/* check external dictionary */ /* check external dictionary */
@ -983,9 +986,9 @@ FORCE_INLINE int LZ4_decompress_generic(
copySize = length+MINMATCH - copySize; copySize = length+MINMATCH - copySize;
if (copySize > (size_t)((char*)op-dest)) /* overlap */ if (copySize > (size_t)((char*)op-dest)) /* overlap */
{ {
BYTE* const cpy2 = op + copySize; BYTE* const cpy = op + copySize;
const BYTE* ref2 = (BYTE*)dest; const BYTE* ref = (BYTE*)dest;
while (op < cpy2) *op++ = *ref2++; while (op < cpy) *op++ = *ref++;
} }
else else
{ {