Fixed decoding error (afl)

2016-02-03 12:39:34 +01:00 · 2016-02-03 12:39:34 +01:00 · b010b3b627
parent 72bff50ecf
commit b010b3b627
2 changed files with 12 additions and 10 deletions
--- a/lib/zstd_decompress.c
+++ b/lib/zstd_decompress.c
@ -432,7 +432,7 @@ size_t ZSTD_decodeLiteralsBlock(ZSTD_DCtx* dctx,
            }

            if (lhSize+litSize+WILDCOPY_OVERLENGTH > srcSize) {  /* risk reading beyond src buffer with wildcopy */
-                if (litSize > srcSize-lhSize) return ERROR(corruption_detected);
+                if (litSize+lhSize > srcSize) return ERROR(corruption_detected);
                memcpy(dctx->litBuffer, istart+lhSize, litSize);
                dctx->litPtr = dctx->litBuffer;
                dctx->litBufSize = BLOCKSIZE+8;
@ -844,28 +844,30 @@ static void ZSTD_checkContinuity(ZSTD_DCtx* dctx, const void* dst)


 static size_t ZSTD_decompressBlock_internal(ZSTD_DCtx* dctx,
-                            void* dst, size_t maxDstSize,
+                            void* dst, size_t dstCapacity,
                      const void* src, size_t srcSize)
-{
-    /* blockType == blockCompressed */
+{   /* blockType == blockCompressed */
    const BYTE* ip = (const BYTE*)src;
+    size_t litCSize;
+
+    if (srcSize >= BLOCKSIZE) return ERROR(srcSize_wrong);

    /* Decode literals sub-block */
-    size_t litCSize = ZSTD_decodeLiteralsBlock(dctx, src, srcSize);
+    litCSize = ZSTD_decodeLiteralsBlock(dctx, src, srcSize);
    if (ZSTD_isError(litCSize)) return litCSize;
    ip += litCSize;
    srcSize -= litCSize;

-    return ZSTD_decompressSequences(dctx, dst, maxDstSize, ip, srcSize);
+    return ZSTD_decompressSequences(dctx, dst, dstCapacity, ip, srcSize);
 }


 size_t ZSTD_decompressBlock(ZSTD_DCtx* dctx,
-                            void* dst, size_t maxDstSize,
+                            void* dst, size_t dstCapacity,
                      const void* src, size_t srcSize)
 {
    ZSTD_checkContinuity(dctx, dst);
-    return ZSTD_decompressBlock_internal(dctx, dst, maxDstSize, src, srcSize);
+    return ZSTD_decompressBlock_internal(dctx, dst, dstCapacity, src, srcSize);
 }


--- a/lib/zstd_internal.h
+++ b/lib/zstd_internal.h
@ -102,8 +102,8 @@ static const size_t ZSTD_frameHeaderSize_min = 5;

 #define HufLog 12

-#define MIN_SEQUENCES_SIZE 1 /* seqNb */
-#define MIN_CBLOCK_SIZE (1 /*litCSize*/ + MIN_SEQUENCES_SIZE)
+#define MIN_SEQUENCES_SIZE 1 /* nbSeq==0 */
+#define MIN_CBLOCK_SIZE (1 /*litCSize*/ + 1 /* RLE or RAW */ + MIN_SEQUENCES_SIZE /* nbSeq==0 */)   /* for a non-null block */

 #define WILDCOPY_OVERLENGTH 8