From: Yann Collet Date: Thu, 21 Sep 2017 23:21:10 +0000 (-0700) Subject: added control from frame content size at end of decompression X-Git-Tag: fuzz-corpora~1^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd3115b284f47abea84bcf82f3c45d42062393a1;p=thirdparty%2Fzstd.git added control from frame content size at end of decompression adding check at end of single-pass ZSTD_decompressFrame(). Check within ZSTD_decompressContinue() was already added in a previous patch : b3f33ccfb3b4fcc73df82126fd5ecfb751268fc6 --- diff --git a/lib/decompress/zstd_decompress.c b/lib/decompress/zstd_decompress.c index 91518990e..2abcc145e 100644 --- a/lib/decompress/zstd_decompress.c +++ b/lib/decompress/zstd_decompress.c @@ -1546,6 +1546,10 @@ static size_t ZSTD_decompressFrame(ZSTD_DCtx* dctx, if (blockProperties.lastBlock) break; } + if (dctx->fParams.frameContentSize != ZSTD_CONTENTSIZE_UNKNOWN) { + if ((U64)(op-ostart) != dctx->fParams.frameContentSize) { + return ERROR(corruption_detected); + } } if (dctx->fParams.checksumFlag) { /* Frame content checksum verification */ U32 const checkCalc = (U32)XXH64_digest(&dctx->xxhState); U32 checkRead; diff --git a/tests/fuzzer.c b/tests/fuzzer.c index 2bc5c9dfe..bfa290c62 100644 --- a/tests/fuzzer.c +++ b/tests/fuzzer.c @@ -811,7 +811,7 @@ static int basicUnitTests(U32 seed, double compressibility) } DISPLAYLEVEL(4, "OK \n"); - DISPLAYLEVEL(4, "test%3i : Loading rawContent starting with dict header w/ ZSTD_dm_auto should fail", testNb++); + DISPLAYLEVEL(4, "test%3i : Loading rawContent starting with dict header w/ ZSTD_dm_auto should fail : ", testNb++); { size_t ret; MEM_writeLE32((char*)dictBuffer+2, ZSTD_MAGIC_DICTIONARY); @@ -821,7 +821,7 @@ static int basicUnitTests(U32 seed, double compressibility) } DISPLAYLEVEL(4, "OK \n"); - DISPLAYLEVEL(4, "test%3i : Loading rawContent starting with dict header w/ ZSTD_dm_rawContent should pass", testNb++); + DISPLAYLEVEL(4, "test%3i : Loading rawContent starting with dict header w/ ZSTD_dm_rawContent should pass : ", testNb++); { size_t ret; MEM_writeLE32((char*)dictBuffer+2, ZSTD_MAGIC_DICTIONARY);