Fix Buffer Overflow in Legacy (v0.3) Raw Literals Decompression

facebook · Aug 15, 2019 · a42bbb4 · a42bbb4
1 parent 87e3122
commit a42bbb4
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/lib/legacy/zstd_v03.c b/lib/legacy/zstd_v03.c
@@ -2530,6 +2530,7 @@ static size_t ZSTD_decodeLiteralsBlock(void* ctx,
             const size_t litSize = (MEM_readLE32(istart) & 0xFFFFFF) >> 2;   /* no buffer issue : srcSize >= MIN_CBLOCK_SIZE */
             if (litSize > srcSize-11)   /* risk of reading too far with wildcopy */
             {
+                if (litSize > BLOCKSIZE) return ERROR(corruption_detected);
                 if (litSize > srcSize-3) return ERROR(corruption_detected);
                 memcpy(dctx->litBuffer, istart, litSize);
                 dctx->litPtr = dctx->litBuffer;