Fix Buffer Overflow in Legacy (v0.3) Raw Literals Decompression

diff --git a/lib/legacy/zstd_v03.c b/lib/legacy/zstd_v03.c
index 7a0e7c9b69fb0b41439cdc4907207d470bd7f3fb..dbc83f1ee78fd3392435517688c5c6f8bcc7d18a 100644 (file)
--- a/lib/legacy/zstd_v03.c
+++ b/lib/legacy/zstd_v03.c
@@ -2530,6 +2530,7 @@ static size_t ZSTD_decodeLiteralsBlock(void* ctx,
             const size_t litSize = (MEM_readLE32(istart) & 0xFFFFFF) >> 2;   /* no buffer issue : srcSize >= MIN_CBLOCK_SIZE */
             if (litSize > srcSize-11)   /* risk of reading too far with wildcopy */
             {
+                if (litSize > BLOCKSIZE) return ERROR(corruption_detected);
                 if (litSize > srcSize-3) return ERROR(corruption_detected);
                 memcpy(dctx->litBuffer, istart, litSize);
                 dctx->litPtr = dctx->litBuffer;