korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-24 04:34:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

lib: decompress_unzstd: Limit output size

Browse Source 
The zstd decompression code, as it is right now, will most likely fail
on 32-bit systems, as the default output buffer size causes the buffer's
end address to overflow.

Address this issue by setting a sane default to the default output size,
with a value that won't overflow the buffer's end address.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Reviewed-by: Nick Terrell <terrelln@fb.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
This commit is contained in:
Paul Cercueil 2020-09-01 16:26:50 +02:00 committed by Thomas Bogendoerfer
parent aa9c45db01
commit 1c4dd334df
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/decompress_unzstd.c
View File

@ -178,8 +178,13 @@ static int INIT __unzstd(unsigned char *in_buf, long in_len,
int err;
size_t ret;
/*
* ZSTD decompression code won't be happy if the buffer size is so big
* that its end address overflows. When the size is not provided, make
* it as big as possible without having the end address overflow.
*/
if (out_len == 0)
out_len = LONG_MAX; /* no limit */
out_len = UINTPTR_MAX - (uintptr_t)out_buf;
if (fill == NULL && flush == NULL)
/*