STREAM_WINDOW_MAX : protect streaming from unreasonable memory requirements

diff --git a/lib/decompress/zstd_decompress.c b/lib/decompress/zstd_decompress.c
index 5cd9deb5052013085416f061c2e8dc62b06a5831..524c2f56efa9843b70aa05abbe5bc33895630dc9 100644 (file)
--- a/lib/decompress/zstd_decompress.c
+++ b/lib/decompress/zstd_decompress.c
@@ -50,6 +50,16 @@
 #endif
 
 
+/*!
+*  STREAM_WINDOW_MAX :
+*  maximum window size accepted by DStream.
+*  frames requiring more memory will be rejected.
+*/
+#ifndef ZSTD_STREAM_WINDOW_MAX
+#  define ZSTD_STREAM_WINDOW_MAX (257 << 20)   /* 257 MB */
+#endif
+
+
 /*-*******************************************************
 *  Dependencies
 *********************************************************/
@@ -1445,6 +1455,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream* zds, ZSTD_outBuffer* output, ZSTD_inB
             /* Frame header instruct buffer sizes */
             {   size_t const blockSize = MIN(zds->fParams.windowSize, ZSTD_BLOCKSIZE_ABSOLUTEMAX);
                 size_t const neededOutSize = zds->fParams.windowSize + blockSize;
+                if (zds->fParams.windowSize > ZSTD_STREAM_WINDOW_MAX) return ERROR(frameParameter_unsupported);
                 zds->blockSize = blockSize;
                 if (zds->inBuffSize < blockSize) {
                     zds->customMem.customFree(zds->customMem.opaque, zds->inBuff);