Fixed a few issues found by AFL (American Fuzzy Lop)

dev
Yann Collet 2015-08-24 20:17:11 +01:00
parent fee8e240c7
commit 1885029ba1
3 changed files with 12 additions and 5 deletions


@ -1172,7 +1172,12 @@ static size_t ZSTD_decompressLiterals(void* ctx,
BYTE* const oend = op + maxDstSize; BYTE* const oend = op + maxDstSize;
const BYTE* ip = (const BYTE*)src; const BYTE* ip = (const BYTE*)src;
size_t errorCode; size_t errorCode;
size_t litSize = ip[1] + (ip[0]<<8); size_t litSize;
/* check : minimum 2, for litSize, +1, for content */
if (srcSize <= 3) return (size_t)-ZSTD_ERROR_corruption;
litSize = ip[1] + (ip[0]<<8);
litSize += ((ip[-3] >> 3) & 7) << 16; // mmmmh.... litSize += ((ip[-3] >> 3) & 7) << 16; // mmmmh....
op = oend - litSize; op = oend - litSize;
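Review bot: `op = oend - litSize;` uses a `litSize` of up to 19 bits taken straight from the input, and no comparison with `maxDstSize` is visible in this hunk; if none follows in the part of ZSTD_decompressLiterals outside the hunk, `op` ends up before `dst`. A guard `if (litSize > maxDstSize)` returning an error should sit ahead of the subtraction, so the out-of-range pointer is never formed. The new `srcSize` check also cannot cover `ip[-3]`, which reads before `src`; if the contract is that `src` always follows the block header, a comment such as `/* ip[-3] reads before src : relies on the caller passing a pointer just past the 3-byte block header */` would record it in place of `// mmmmh....`. The comment above the check speaks of a minimum of 2+1 bytes while the condition `srcSize <= 3` requires 4, so one of the two needs adjusting.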


@ -81,7 +81,7 @@ static int usage(char* programName)
{ {
DISPLAY( "Compressible data generator\n"); DISPLAY( "Compressible data generator\n");
DISPLAY( "Usage :\n"); DISPLAY( "Usage :\n");
DISPLAY( " %s [size] [args]\n", programName); DISPLAY( " %s [args]\n", programName);
DISPLAY( "\n"); DISPLAY( "\n");
DISPLAY( "Arguments :\n"); DISPLAY( "Arguments :\n");
DISPLAY( " -g# : generate # data (default:%i)\n", SIZE_DEFAULT); DISPLAY( " -g# : generate # data (default:%i)\n", SIZE_DEFAULT);


@ -354,19 +354,21 @@ unsigned long long FIO_decompressFilename(const char* output_filename, const cha
size_t readSize, decodedSize; size_t readSize, decodedSize;
/* Fill input buffer */ /* Fill input buffer */
if (toRead > inBuffSize)
EXM_THROW(34, "too large block");
readSize = fread(inBuff, 1, toRead, finput); readSize = fread(inBuff, 1, toRead, finput);
if (readSize != toRead) if (readSize != toRead)
EXM_THROW(34, "Read error"); EXM_THROW(35, "Read error");
/* Decode block */ /* Decode block */
decodedSize = ZSTD_decompressContinue(dctx, op, oend-op, inBuff, readSize); decodedSize = ZSTD_decompressContinue(dctx, op, oend-op, inBuff, readSize);
if (ZSTD_isError(decodedSize)) EXM_THROW(35, "Decoding error : input corrupted"); if (ZSTD_isError(decodedSize)) EXM_THROW(36, "Decoding error : input corrupted");
if (decodedSize) /* not a header */ if (decodedSize) /* not a header */
{ {
/* Write block */ /* Write block */
sizeCheck = fwrite(op, 1, decodedSize, foutput); sizeCheck = fwrite(op, 1, decodedSize, foutput);
if (sizeCheck != decodedSize) EXM_THROW(36, "Write error : unable to write data block to destination file"); if (sizeCheck != decodedSize) EXM_THROW(37, "Write error : unable to write data block to destination file");
filesize += decodedSize; filesize += decodedSize;
op += decodedSize; op += decodedSize;
if (op==oend) op = outBuff; if (op==oend) op = outBuff;
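Review bot: The new `if (toRead > inBuffSize)` guard is what keeps `fread(inBuff, 1, toRead, finput)` inside `inBuff`, yet it carries no comment saying so. I would add `/* toRead is derived from the input stream : never read more than inBuff can hold */` above it; where `toRead` is set lies outside the hunk, so the wording should be confirmed against that code. Inserting the check as code 34 shifts the three following EXM_THROW codes by one; if those numbers are surfaced to users or scripts, giving the new check an unused number would keep the existing ones stable. The enclosing loop of FIO_decompressFilename starts and ends outside the hunk.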