Fix possible null pointer dereference in lz4_filter_read_legacy_stream()

author Martin Matuska <martin@matuska.org>

Tue, 24 Jan 2017 22:50:04 +0000 (23:50 +0100)

committer Martin Matuska <martin@matuska.org>

Tue, 24 Jan 2017 22:53:51 +0000 (23:53 +0100)
author Martin Matuska <martin@matuska.org>
Tue, 24 Jan 2017 22:50:04 +0000 (23:50 +0100)
committer Martin Matuska <martin@matuska.org>
Tue, 24 Jan 2017 22:53:51 +0000 (23:53 +0100)
diff --git a/libarchive/archive_read_support_filter_lz4.c b/libarchive/archive_read_support_filter_lz4.c

index 4c66ed04dc95f0956ec5dcd442a11f7550328262..663e2d3d601f67a36469693366a675d46e456ae9 100644 (file)
--- a/libarchive/archive_read_support_filter_lz4.c
+++ b/libarchive/archive_read_support_filter_lz4.c
@@ -706,6 +706,11 @@ lz4_filter_read_legacy_stream(struct archive_read_filter *self, const void **p)
         /* Make sure we have a whole block. */
         read_buf = __archive_read_filter_ahead(self->upstream,
             4 + compressed, NULL);
+       if (read_buf == NULL) {
+               archive_set_error(&(self->archive->archive),
+                   ARCHIVE_ERRNO_MISC, "truncated lz4 input");
+               return (ARCHIVE_FATAL);
+       }
         ret = LZ4_decompress_safe(read_buf + 4, state->out_block,
             compressed, (int)state->out_block_size);
         if (ret < 0) {
author	Martin Matuska <martin@matuska.org>
	Tue, 24 Jan 2017 22:50:04 +0000 (23:50 +0100)
committer	Martin Matuska <martin@matuska.org>
	Tue, 24 Jan 2017 22:53:51 +0000 (23:53 +0100)