From: Martin Matuska <martin@matuska.org>
Date: Tue, 24 Jan 2017 22:50:04 +0000 (+0100)
Subject: Fix possible null pointer dereference in lz4_filter_read_legacy_stream()
X-Git-Tag: v3.3.0~43
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=51d7afd3644fdad725dd8faa7606b864fd125f88;p=thirdparty%2Flibarchive.git

Fix possible null pointer dereference in lz4_filter_read_legacy_stream()

Reported-By:	OSS-Fuzz issue 453
---

diff --git a/libarchive/archive_read_support_filter_lz4.c b/libarchive/archive_read_support_filter_lz4.c
index 4c66ed04d..663e2d3d6 100644
--- a/libarchive/archive_read_support_filter_lz4.c
+++ b/libarchive/archive_read_support_filter_lz4.c
@@ -706,6 +706,11 @@ lz4_filter_read_legacy_stream(struct archive_read_filter *self, const void **p)
 	/* Make sure we have a whole block. */
 	read_buf = __archive_read_filter_ahead(self->upstream,
 	    4 + compressed, NULL);
+	if (read_buf == NULL) {
+		archive_set_error(&(self->archive->archive),
+		    ARCHIVE_ERRNO_MISC, "truncated lz4 input");
+		return (ARCHIVE_FATAL);
+	}
 	ret = LZ4_decompress_safe(read_buf + 4, state->out_block,
 	    compressed, (int)state->out_block_size);
 	if (ret < 0) {