Merge pull request #3840 from aimuz/fix-reserved

author Yann Collet <Cyan4973@users.noreply.github.com>

Tue, 5 Mar 2024 21:40:12 +0000 (13:40 -0800)

committer GitHub <noreply@github.com>

Tue, 5 Mar 2024 21:40:12 +0000 (13:40 -0800)
author Yann Collet <Cyan4973@users.noreply.github.com>
Tue, 5 Mar 2024 21:40:12 +0000 (13:40 -0800)
committer GitHub <noreply@github.com>
Tue, 5 Mar 2024 21:40:12 +0000 (13:40 -0800)
diff --cc lib/decompress/zstd_decompress_block.c

index 1943d7f574c2ca2661f17311f757fdd47f62a31f,80c29db69dbe861f54eeaba914d27b401873546a..8d9fea5fd81167d6f1895889fe54967ad9b44e05
--- 1/lib/decompress/zstd_decompress_block.c
--- 2/lib/decompress/zstd_decompress_block.c
+++ b/lib/decompress/zstd_decompress_block.c
@@@ -718,15 -605,9 +718,16 @@@ size_t ZSTD_decodeSeqHeaders(ZSTD_DCtx
       }
       *nbSeqPtr = nbSeq;
   
+ +    if (nbSeq == 0) {
+ +        /* No sequence : section ends immediately */
+ +        RETURN_ERROR_IF(ip != iend, corruption_detected,
+ +            "extraneous data present in the Sequences section");
+ +        return (size_t)(ip - istart);
+ +    }
+ +
       /* FSE table descriptors */
       RETURN_ERROR_IF(ip+1 > iend, srcSize_wrong, ""); /* minimum possible size: 1 byte for symbol encoding types */
+     RETURN_ERROR_IF(*ip & 3, corruption_detected, ""); /* The last field, Reserved, must be all-zeroes. */
       {   symbolEncodingType_e const LLtype = (symbolEncodingType_e)(*ip >> 6);
           symbolEncodingType_e const OFtype = (symbolEncodingType_e)((*ip >> 4) & 3);
           symbolEncodingType_e const MLtype = (symbolEncodingType_e)((*ip >> 2) & 3);
author	Yann Collet <Cyan4973@users.noreply.github.com>
	Tue, 5 Mar 2024 21:40:12 +0000 (13:40 -0800)
committer	GitHub <noreply@github.com>
	Tue, 5 Mar 2024 21:40:12 +0000 (13:40 -0800)