[core/zip] Validate target size before compression

In practice, the target size is greater or equal the source size in most cases for ROOT, but add this additional correct check to fuzz the inputs in the next commit.
hahnjo · Feb 8, 2024 · 23261a6 · 23261a6
1 parent 17e3561
commit 23261a6
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/core/zip/src/RZip.cxx b/core/zip/src/RZip.cxx
@@ -78,14 +78,18 @@ unsigned long R__crc32(unsigned long crc, const unsigned char* buf, unsigned int
 /*                      3 = old */
 void R__zipMultipleAlgorithm(int cxlevel, int *srcsize, char *src, int *tgtsize, char *tgt, int *irep, ROOT::RCompressionSetting::EAlgorithm::EValues compressionAlgorithm)
 {
+  *irep = 0;
 
+  // Performance optimization: avoid compressing tiny source buffers.
   if (*srcsize < 1 + HDRSIZE + 1) {
-     *irep = 0;
+     return;
+  }
+  // Correctness check: we need at least enough bytes to prepend the header!
+  if (*tgtsize <= HDRSIZE) {
      return;
   }
 
   if (cxlevel <= 0) {
-    *irep = 0;
     return;
   }