From: Michał Chojnowski <michal.chojnowski@scylladb.com>
Date: Sat, 16 Dec 2023 11:32:52 +0000 (+0100)
Subject: Fix a nullptr dereference in ZSTD_createCDict_advanced2()
X-Git-Tag: v1.5.6^2~89^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3847%2Fhead;p=thirdparty%2Fzstd.git

Fix a nullptr dereference in ZSTD_createCDict_advanced2()

If the relevant allocation returns NULL, ZSTD_createCDict_advanced_internal()
will return NULL. But ZSTD_createCDict_advanced2() doesn't check for
this and attempts to use the returned pointer anyway, which leads to
a segfault.
---

diff --git a/lib/compress/zstd_compress.c b/lib/compress/zstd_compress.c
index cdd763ff6..dc892dae7 100644
--- a/lib/compress/zstd_compress.c
+++ b/lib/compress/zstd_compress.c
@@ -5525,7 +5525,7 @@ ZSTD_CDict* ZSTD_createCDict_advanced2(
                         cctxParams.useRowMatchFinder, cctxParams.enableDedicatedDictSearch,
                         customMem);
 
-    if (ZSTD_isError( ZSTD_initCDict_internal(cdict,
+    if (!cdict || ZSTD_isError( ZSTD_initCDict_internal(cdict,
                                     dict, dictSize,
                                     dictLoadMethod, dictContentType,
                                     cctxParams) )) {