forked from luck/tmp_suning_uos_patched
lib: decompress_unzstd: Limit output size
The zstd decompression code, as it is right now, will most likely fail on 32-bit systems, as the default output buffer size causes the buffer's end address to overflow. Address this issue by setting a sane default to the default output size, with a value that won't overflow the buffer's end address. Signed-off-by: Paul Cercueil <paul@crapouillou.net> Reviewed-by: Nick Terrell <terrelln@fb.com> Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
This commit is contained in:
parent
aa9c45db01
commit
1c4dd334df
|
@ -178,8 +178,13 @@ static int INIT __unzstd(unsigned char *in_buf, long in_len,
|
||||||
int err;
|
int err;
|
||||||
size_t ret;
|
size_t ret;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* ZSTD decompression code won't be happy if the buffer size is so big
|
||||||
|
* that its end address overflows. When the size is not provided, make
|
||||||
|
* it as big as possible without having the end address overflow.
|
||||||
|
*/
|
||||||
if (out_len == 0)
|
if (out_len == 0)
|
||||||
out_len = LONG_MAX; /* no limit */
|
out_len = UINTPTR_MAX - (uintptr_t)out_buf;
|
||||||
|
|
||||||
if (fill == NULL && flush == NULL)
|
if (fill == NULL && flush == NULL)
|
||||||
/*
|
/*
|
||||||
|
|
Loading…
Reference in New Issue
Block a user