summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/gunzip.c4
-rw-r--r--lib/lzma/LzmaTools.c8
-rw-r--r--lib/lzo/lzo1x_decompress.c8
3 files changed, 15 insertions, 5 deletions
diff --git a/lib/gunzip.c b/lib/gunzip.c
index 9959781b0..35abfb38e 100644
--- a/lib/gunzip.c
+++ b/lib/gunzip.c
@@ -89,13 +89,13 @@ int zunzip(void *dst, int dstlen, unsigned char *src, unsigned long *lenp,
s.avail_out = dstlen;
do {
r = inflate(&s, Z_FINISH);
- if (r != Z_STREAM_END && r != Z_BUF_ERROR && stoponerr == 1) {
+ if (stoponerr == 1 && r != Z_STREAM_END &&
+ (s.avail_out == 0 || r != Z_BUF_ERROR)) {
printf("Error: inflate() returned %d\n", r);
inflateEnd(&s);
return -1;
}
s.avail_in = *lenp - offset - (int)(s.next_out - (unsigned char*)dst);
- s.avail_out = dstlen;
} while (r == Z_BUF_ERROR);
*lenp = s.next_out - (unsigned char *) dst;
inflateEnd(&s);
diff --git a/lib/lzma/LzmaTools.c b/lib/lzma/LzmaTools.c
index 8d1165e11b..0aec2f9c7 100644
--- a/lib/lzma/LzmaTools.c
+++ b/lib/lzma/LzmaTools.c
@@ -97,15 +97,19 @@ int lzmaBuffToBuffDecompress (unsigned char *outStream, SizeT *uncompressedSize,
g_Alloc.Alloc = SzAlloc;
g_Alloc.Free = SzFree;
+ /* Short-circuit early if we know the buffer can't hold the results. */
+ if (outSizeFull != (SizeT)-1 && *uncompressedSize < outSizeFull)
+ return SZ_ERROR_OUTPUT_EOF;
+
/* Decompress */
- outProcessed = outSizeFull;
+ outProcessed = *uncompressedSize;
WATCHDOG_RESET();
res = LzmaDecode(
outStream, &outProcessed,
inStream + LZMA_DATA_OFFSET, &compressedSize,
- inStream, LZMA_PROPS_SIZE, LZMA_FINISH_ANY, &state, &g_Alloc);
+ inStream, LZMA_PROPS_SIZE, LZMA_FINISH_END, &state, &g_Alloc);
*uncompressedSize = outProcessed;
if (res != SZ_OK) {
return res;
diff --git a/lib/lzo/lzo1x_decompress.c b/lib/lzo/lzo1x_decompress.c
index e6ff708f1..35f3793f3 100644
--- a/lib/lzo/lzo1x_decompress.c
+++ b/lib/lzo/lzo1x_decompress.c
@@ -68,13 +68,14 @@ int lzop_decompress(const unsigned char *src, size_t src_len,
unsigned char *start = dst;
const unsigned char *send = src + src_len;
u32 slen, dlen;
- size_t tmp;
+ size_t tmp, remaining;
int r;
src = parse_header(src);
if (!src)
return LZO_E_ERROR;
+ remaining = *dst_len;
while (src < send) {
/* read uncompressed block size */
dlen = get_unaligned_be32(src);
@@ -93,6 +94,10 @@ int lzop_decompress(const unsigned char *src, size_t src_len,
if (slen <= 0 || slen > dlen)
return LZO_E_ERROR;
+ /* abort if buffer ran out of room */
+ if (dlen > remaining)
+ return LZO_E_OUTPUT_OVERRUN;
+
/* decompress */
tmp = dlen;
r = lzo1x_decompress_safe((u8 *) src, slen, dst, &tmp);
@@ -105,6 +110,7 @@ int lzop_decompress(const unsigned char *src, size_t src_len,
src += slen;
dst += dlen;
+ remaining -= dlen;
}
return LZO_E_INPUT_OVERRUN;
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-10-31 10:54:48 +0000