From: Yann Collet <yann.collet.73@gmail.com>
Date: Tue, 7 Feb 2023 22:47:16 +0000 (-0800)
Subject: add requested check for legacy decoder v0.1
X-Git-Tag: v1.5.4^2~6^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5bf6b8b88456804b480176c6183a893ca01bf15;p=thirdparty%2Fzstd.git

add requested check for legacy decoder v0.1

which uses a different technique to store literals,
and therefore must check for potential overwrites.
---

diff --git a/lib/legacy/zstd_v01.c b/lib/legacy/zstd_v01.c
index 7f24cf685..1a3aad07e 100644
--- a/lib/legacy/zstd_v01.c
+++ b/lib/legacy/zstd_v01.c
@@ -1735,6 +1735,7 @@ static size_t ZSTD_execSequence(BYTE* op,
 
     if (endMatch > oend) return ERROR(dstSize_tooSmall);   /* overwrite beyond dst buffer */
     if (litEnd > litLimit) return ERROR(corruption_detected);   /* overRead beyond lit buffer */
+    if (sequence.matchLength > (size_t)(*litPtr-op)) return ERROR(dstSize_tooSmall);  /* overwrite literal segment */
 
     /* copy Literals */
     ZSTD_memmove(op, *litPtr, sequence.litLength);   /* note : v0.1 seems to allow scenarios where output or input are close to end of buffer */