diff options
author | Daniel Friesel <derf@finalrewind.org> | 2021-01-20 19:56:03 +0100 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2021-01-20 19:56:03 +0100 |
commit | f2433ec891cd269ce24ee286e46859563cdb20d2 (patch) | |
tree | ac85db1acffa8e897acfd5a9a5d52e1ea4363749 /src/lib | |
parent | 4d88a39160bc389b3198bc81b280093beea1790e (diff) |
add some bounds checks
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/udeflate.cc | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/lib/udeflate.cc b/src/lib/udeflate.cc index 31c0927..c8f281f 100644 --- a/src/lib/udeflate.cc +++ b/src/lib/udeflate.cc @@ -242,6 +242,9 @@ static int8_t udeflate_huffman(uint8_t * ll_lengths, uint16_t ll_size, kout << "code " << code << endl; #endif if (code < 256) { + if (udeflate_output_now == udeflate_output_end) { + return UDEFLATE_ERR_OUTPUT_LENGTH; + } *udeflate_output_now = code; udeflate_output_now++; } else if (code == 256) { @@ -262,11 +265,17 @@ static int8_t udeflate_huffman(uint8_t * ll_lengths, uint16_t ll_size, dist_val += udeflate_get_bits(extra_bits); } while (len_val--) { + if (udeflate_output_now == udeflate_output_end) { + return UDEFLATE_ERR_OUTPUT_LENGTH; + } udeflate_output_now[0] = udeflate_output_now[-dist_val]; udeflate_output_now++; } } + if (udeflate_input_now >= udeflate_input_end - 4) { + return UDEFLATE_ERR_INPUT_LENGTH; + } } } @@ -362,8 +371,6 @@ static int8_t udeflate_dynamic_huffman() return udeflate_huffman(udeflate_lld_lengths, hlit, udeflate_lld_lengths + hlit, hdist); - - return 0; } int8_t udeflate(unsigned char *input_buf, uint16_t input_len, @@ -396,7 +403,7 @@ int8_t udeflate_zlib(unsigned char *input_buf, uint16_t input_len, unsigned char *output_buf, uint16_t output_len) { if (input_len < 4) { - return UDEFLATE_ERR_LENGTH; + return UDEFLATE_ERR_INPUT_LENGTH; } uint8_t zlib_method = input_buf[0] & 0x0f; uint16_t zlib_window_size = 1 << (8 + ((input_buf[0] & 0xf0) >> 4)); |