From: Nick Terrell <terrelln@fb.com>
Date: Tue, 18 Oct 2016 21:52:34 +0000 (-0700)
Subject: Backport fix from commit 125d817
X-Git-Tag: v1.1.1~21^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7b06ad7a05eabf1e03a9eeff4d6fea7fe63eb0f1;p=thirdparty%2Fzstd.git

Backport fix from commit 125d817

This fixes a read of unitialized memory.
Full commit hash: 125d81774fe87a2bc18023d999d8e510678c38fb.
---

diff --git a/lib/legacy/zstd_v05.c b/lib/legacy/zstd_v05.c
index a8045aea0..06dba0667 100644
--- a/lib/legacy/zstd_v05.c
+++ b/lib/legacy/zstd_v05.c
@@ -2944,6 +2944,7 @@ size_t ZSTDv05_decodeLiteralsBlock(ZSTDv05_DCtx* dctx,
         {
             size_t litSize, litCSize, singleStream=0;
             U32 lhSize = ((istart[0]) >> 4) & 3;
+            if (srcSize < 5) return ERROR(corruption_detected);   /* srcSize >= MIN_CBLOCK_SIZE == 3; here we need up to 5 for case 3 */
             switch(lhSize)
             {
             case 0: case 1: default:   /* note : default is impossible, since lhSize into [0..3] */