From: Yann Collet Date: Mon, 29 Oct 2018 22:03:57 +0000 (-0700) Subject: fixed a second memset() on NULL X-Git-Tag: v1.3.8~58^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1395%2Fhead;p=thirdparty%2Fzstd.git fixed a second memset() on NULL not sure why it only triggers now, this code has been around for a while. Introduced a new error code : dstBuffer_null, I couldn't express anything even remotely similar with existing error codes set.
---
diff --git a/lib/common/error_private.c b/lib/common/error_private.c
index d004ee636..d39e1a7ad 100644
--- a/lib/common/error_private.c
+++ b/lib/common/error_private.c
@@ -39,6 +39,7 @@ const char* ERR_getErrorString(ERR_enum code)
 case PREFIX(dictionaryCreation_failed): return "Cannot create Dictionary from provided samples";
 case PREFIX(dstSize_tooSmall): return "Destination buffer is too small";
 case PREFIX(srcSize_wrong): return "Src size is incorrect";
+ case PREFIX(dstBuffer_null): return "Operation on NULL destination buffer";
 /* following error codes are not stable and may be removed or changed in a future version */
 case PREFIX(frameIndex_tooLarge): return "Frame index is too large";
 case PREFIX(seekableIO): return "An I/O error occurred when reading/seeking";
diff --git a/lib/common/zstd_errors.h b/lib/common/zstd_errors.h
index 57533f286..92a343389 100644
--- a/lib/common/zstd_errors.h
+++ b/lib/common/zstd_errors.h
@@ -72,6 +72,7 @@ typedef enum {
 ZSTD_error_workSpace_tooSmall= 66,
 ZSTD_error_dstSize_tooSmall = 70,
 ZSTD_error_srcSize_wrong = 72,
+ ZSTD_error_dstBuffer_null = 74,
 /* following error codes are __NOT STABLE__, they can be removed or changed in future versions */
 ZSTD_error_frameIndex_tooLarge = 100,
 ZSTD_error_seekableIO = 102,
diff --git a/lib/decompress/zstd_decompress.c b/lib/decompress/zstd_decompress.c
index 61826e3af..986ebff9e 100644
--- a/lib/decompress/zstd_decompress.c
+++ b/lib/decompress/zstd_decompress.c
@@ -510,7 +510,7 @@ static size_t ZSTD_copyRawBlock(void* dst, size_t dstCapacity,
 DEBUGLOG(5, "ZSTD_copyRawBlock");
 if (dst == NULL) {
 if (srcSize == 0) return 0;
- return ERROR(dstSize_tooSmall);
+ return ERROR(dstBuffer_null);
 }
 if (srcSize > dstCapacity) return ERROR(dstSize_tooSmall);
 memcpy(dst, src, srcSize);
@@ -521,6 +521,10 @@ static size_t ZSTD_setRleBlock(void* dst, size_t dstCapacity,
 BYTE b,
 size_t regenSize)
 {
+ if (dst == NULL) {
+ if (regenSize == 0) return 0;
+ return ERROR(dstBuffer_null);
+ }
 if (regenSize > dstCapacity) return ERROR(dstSize_tooSmall);
 memset(dst, b, regenSize);
 return regenSize;
@@ -777,7 +781,8 @@ size_t ZSTD_decompressContinue(ZSTD_DCtx* dctx, void* dst, size_t dstCapacity, c
 {
 DEBUGLOG(5, "ZSTD_decompressContinue (srcSize:%u)", (U32)srcSize);
 /* Sanity check */
- if (srcSize != dctx->expected) return ERROR(srcSize_wrong); /* not allowed */
+ if (srcSize != dctx->expected)
+ return ERROR(srcSize_wrong); /* not allowed */
 if (dstCapacity) ZSTD_checkContinuity(dctx, dst);
 switch (dctx->stage)
@@ -905,7 +910,8 @@ size_t ZSTD_decompressContinue(ZSTD_DCtx* dctx, void* dst, size_t dstCapacity, c
 return 0;
 default:
- return ERROR(GENERIC); /* impossible */
+ assert(0); /* impossible */
+ return ERROR(GENERIC); /* some compiler require default to do something */
 } }
@@ -1530,7 +1536,9 @@ size_t ZSTD_decompressStream(ZSTD_DStream* zds, ZSTD_outBuffer* output, ZSTD_inB
 someMoreWork = 0;
 break;
- default: return ERROR(GENERIC); /* impossible */
+ default:
+ assert(0); /* impossible */
+ return ERROR(GENERIC); /* some compiler require default to do something */
 } }
 /* result */
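Review bot: The added `dst == NULL` guard at the top of ZSTD_setRleBlock carries no comment explaining why it must precede `memset()`, so it reads like a redundant capacity check and could be folded away in a later cleanup. Calling memset() with a null destination is undefined behaviour even when the length is 0, which is presumably what the commit message refers to; I would add `/* memset() on a NULL dst is undefined even for regenSize == 0, so handle it before the call */` above the guard. The matching guard in ZSTD_copyRawBlock (previous hunk, ahead of `memcpy()`) deserves the same comment. The function's closing brace lies outside the hunk.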
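Review bot: In the `default:` branch changed in ZSTD_decompressContinue, `assert(0)` now runs before `return ERROR(GENERIC)`, so any build with assertions enabled aborts the host process where it previously handed the caller an error code. The branch is reached only when the switched value is outside the handled cases, which would point to a corrupted or misused context; whether assert() is compiled out in release configurations is not visible here, and the comment should say so, e.g. `assert(0);   /* impossible; debug builds only, release falls through to the error return */`. The same two lines are added to the `default:` of ZSTD_decompressStream in the following hunk, and in both places the comment should read `some compilers require`. Both switch statements start outside their hunks.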