Backport fix from commit 9e8b09a

Fixes uninitialized memory reads.
Full commit hash: 9e8b09a7bd42dd06ee62b33aff215fbb52708d7b

diff --git a/lib/legacy/zstd_v05.c b/lib/legacy/zstd_v05.c
index 7446b84572de294eb65c0d14837b71327cf25c66..a8045aea007629ac91a40d833079b127bd734944 100644 (file)
--- a/lib/legacy/zstd_v05.c
+++ b/lib/legacy/zstd_v05.c
@@ -2967,6 +2967,7 @@ size_t ZSTDv05_decodeLiteralsBlock(ZSTDv05_DCtx* dctx,
                 break;
             }
             if (litSize > BLOCKSIZE) return ERROR(corruption_detected);
+            if (litCSize + lhSize > srcSize) return ERROR(corruption_detected);
 
             if (HUFv05_isError(singleStream ?
                             HUFv05_decompress1X2(dctx->litBuffer, litSize, istart+lhSize, litCSize) :