From 89d7b33e6a6450eed326b40084b547d42bad333f Mon Sep 17 00:00:00 2001 From: Con Kolivas Date: Wed, 16 May 2018 16:51:03 +1000 Subject: [PATCH] Add sanity checking on chunk data on decompression. --- stream.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/stream.c b/stream.c index 9669a9d..af4a4aa 100644 --- a/stream.c +++ b/stream.c @@ -1116,6 +1116,10 @@ void *open_stream_in(rzip_control *control, int f, int n, char chunk_bytes) sinfo->size = le64toh(sinfo->size); print_maxverbose("Chunk size: %lld\n", sinfo->size); control->st_size += sinfo->size; + if (unlikely(sinfo->chunk_bytes < 1 || sinfo->chunk_bytes > 8 || sinfo->size < 0)) { + print_err("Invalid chunk data size %d bytes %lld\n", sinfo->size, sinfo->chunk_bytes); + goto failed; + } } } sinfo->initial_pos = get_readseek(control, f);