]> git.ipfire.org Git - thirdparty/zstd.git/commit
projects / thirdparty / zstd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c6ce5a) | patch
Fix decompression buffer overrun 479/head
authorNick Terrell <terrelln@fb.com>
Tue, 13 Dec 2016 02:05:30 +0000 (18:05 -0800)
committerNick Terrell <terrelln@fb.com>
Tue, 13 Dec 2016 02:05:30 +0000 (18:05 -0800)
commite474aa55b4d6b52d5e7d97db163835f208415a12
treedd4dbf33d9badadb881f346e3df4f849cd898410tree | snapshot
parent4c6ce5a57eaa302b86c889d33837ba0e59c9f3bdcommit | diff
Fix decompression buffer overrun

Allows an adversary to write up to 3 bytes beyond the end of the buffer.
Occurs if the match overlaps the `extDict` and `currentPrefix`, and the
match length in the `currentPrefix` is less than `MINMATCH`, and
`op-(16-MINMATCH) >= oMatchEnd > op-16`.
lib/decompress/zstd_decompress.c diff | blob | blame | history
lib/legacy/zstd_v01.c diff | blob | blame | history
lib/legacy/zstd_v02.c diff | blob | blame | history
lib/legacy/zstd_v03.c diff | blob | blame | history
lib/legacy/zstd_v04.c diff | blob | blame | history
lib/legacy/zstd_v05.c diff | blob | blame | history
lib/legacy/zstd_v06.c diff | blob | blame | history
lib/legacy/zstd_v07.c diff | blob | blame | history
Mirror of https://github.com/facebook/zstd.git