mirrors/zig
1
0
Fork 0
mirror of https://codeberg.org/ziglang/zig.git synced 2025-12-06 13:54:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

zstd: Protect against index out-of-bounds when decoding sequences

Browse source 
Previously, index out-of-bounds could occur when copying match_length bytes while decoding whatever sequence happened to overflow `dest`. Now, each sequence checks that there is enough room for the full sequence_length (literal_length + match_length) before doing any copying.

Fixes the failing inputs found here: https://github.com/ziglang/zig/issues/24817#issuecomment-3192927715
This commit is contained in:
Ryan Liptak 2025-08-15 17:38:13 -07:00 committed by Andrew Kelley
parent ee85c8b6d0
commit 98547713a3
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/std/compress/zstd/Decompress.zig
View file

@ -765,6 +765,9 @@ pub const Frame = struct {
const match_length: usize = sequence.match_length; const match_length: usize = sequence.match_length;
const sequence_length = literal_length + match_length; const sequence_length = literal_length + match_length;
if (sequence_length > dest[write_pos..].len)
return error.MalformedSequence;
const copy_start = std.math.sub(usize, write_pos + sequence.literal_length, sequence.offset) catch const copy_start = std.math.sub(usize, write_pos + sequence.literal_length, sequence.offset) catch
return error.MalformedSequence; return error.MalformedSequence;