Merge pull request #16 from dgryski/uint32-fix

Fix max block size check
golang · Jul 30, 2015 · 723cc1e · 723cc1e
2 parents 0c7f8a7 + f5466f1
commit 723cc1e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/decode.go b/decode.go
@@ -13,6 +13,8 @@ import (
 var (
 	// ErrCorrupt reports that the input is invalid.
 	ErrCorrupt = errors.New("snappy: corrupt input")
+	// ErrTooLarge reports that the uncompressed length is too large.
+	ErrTooLarge = errors.New("snappy: decoded block is too large")
 	// ErrUnsupported reports that the input isn't supported.
 	ErrUnsupported = errors.New("snappy: unsupported input")
 )
@@ -27,11 +29,13 @@ func DecodedLen(src []byte) (int, error) {
 // that the length header occupied.
 func decodedLen(src []byte) (blockLen, headerLen int, err error) {
 	v, n := binary.Uvarint(src)
-	if n <= 0 {
+	if n <= 0 || v > 0xffffffff {
 		return 0, 0, ErrCorrupt
 	}
-	if uint64(int(v)) != v {
-		return 0, 0, errors.New("snappy: decoded block is too large")
+
+	const wordSize = 32 << (^uint(0) >> 32 & 1)
+	if wordSize == 32 && v > 0x7fffffff {
+		return 0, 0, ErrTooLarge
 	}
 	return int(v), n, nil
 }

diff --git a/snappy_test.go b/snappy_test.go
@@ -86,6 +86,16 @@ func TestInvalidVarint(t *testing.T) {
 	if _, err := Decode(nil, data); err != ErrCorrupt {
 		t.Errorf("Decode: got %v, want ErrCorrupt", err)
 	}
+
+	// The encoded varint overflows 32 bits
+	data = []byte("\xff\xff\xff\xff\xff\x00")
+
+	if _, err := DecodedLen(data); err != ErrCorrupt {
+		t.Errorf("DecodedLen: got %v, want ErrCorrupt", err)
+	}
+	if _, err := Decode(nil, data); err != ErrCorrupt {
+		t.Errorf("Decode: got %v, want ErrCorrupt", err)
+	}
 }
 
 func cmp(a, b []byte) error {