Add more sanity checks to lzma_stream_buffer_decode().

author Lasse Collin <lasse.collin@tukaani.org>

Mon, 26 Jan 2009 12:33:28 +0000 (14:33 +0200)

committer Lasse Collin <lasse.collin@tukaani.org>

Mon, 26 Jan 2009 12:33:28 +0000 (14:33 +0200)
author Lasse Collin <lasse.collin@tukaani.org>
Mon, 26 Jan 2009 12:33:28 +0000 (14:33 +0200)
committer Lasse Collin <lasse.collin@tukaani.org>
Mon, 26 Jan 2009 12:33:28 +0000 (14:33 +0200)
diff --git a/src/liblzma/common/stream_buffer_decoder.c b/src/liblzma/common/stream_buffer_decoder.c

index 2418e42..aef2b98 100644 (file)
--- a/src/liblzma/common/stream_buffer_decoder.c
+++ b/src/liblzma/common/stream_buffer_decoder.c
@@ -26,6 +26,13 @@ lzma_stream_buffer_decode(uint64_t *memlimit, uint32_t flags,
                 const uint8_t *in, size_t *in_pos, size_t in_size,
                 uint8_t *out, size_t *out_pos, size_t out_size)
  {
+       // Sanity checks
+       if (in_pos == NULL || (in == NULL && *in_pos != in_size)
+                       || *in_pos > in_size || out_pos == NULL
+                       || (out == NULL && *out_pos != out_size)
+                       || *out_pos > out_size)
+               return LZMA_PROG_ERROR;
+
         // Catch flags that are not allowed in buffer-to-buffer decoding.
         if (flags & LZMA_TELL_ANY_CHECK)
                 return LZMA_PROG_ERROR;
author	Lasse Collin <lasse.collin@tukaani.org>
	Mon, 26 Jan 2009 12:33:28 +0000 (14:33 +0200)
committer	Lasse Collin <lasse.collin@tukaani.org>
	Mon, 26 Jan 2009 12:33:28 +0000 (14:33 +0200)