From 1a862175d52eb35efd7ecb368c1806b4ac1e7886 Mon Sep 17 00:00:00 2001 From: dweiller <4678790+dweiller@users.noreplay.github.com> Date: Mon, 13 Feb 2023 18:02:25 +1100 Subject: [PATCH] std.compress.zstandard: fix zstandardStream content size validation --- lib/std/compress/zstandard.zig | 9 +++++++-- lib/std/compress/zstandard/decompress.zig | 8 ++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/lib/std/compress/zstandard.zig b/lib/std/compress/zstandard.zig index 58af6c7aef..e6accb9f2e 100644 --- a/lib/std/compress/zstandard.zig +++ b/lib/std/compress/zstandard.zig @@ -177,9 +177,14 @@ pub fn ZstandardStream( ) catch return error.MalformedBlock; + if (self.frame_context.content_size) |size| { + if (self.current_frame_decompressed_size > size) return error.MalformedFrame; + } + + const size = self.buffer.len(); + self.current_frame_decompressed_size += size; + if (self.frame_context.hasher_opt) |*hasher| { - const size = self.buffer.len(); - self.current_frame_decompressed_size += size; if (size > 0) { const written_slice = self.buffer.sliceLast(size); hasher.update(written_slice.first); diff --git a/lib/std/compress/zstandard/decompress.zig b/lib/std/compress/zstandard/decompress.zig index 7bcfb0a936..31c5660642 100644 --- a/lib/std/compress/zstandard/decompress.zig +++ b/lib/std/compress/zstandard/decompress.zig @@ -497,6 +497,11 @@ pub fn decodeZstandardFrameBlocksArrayList( &consumed_count, frame_context.block_size_max, ); + if (frame_context.content_size) |size| { + if (dest.items.len - initial_len > size) { + return error.BadContentSize; + } + } if (written_size > 0) { const written_slice = ring_buffer.sliceLast(written_size); try dest.appendSlice(written_slice.first); 
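Review bot: The new bound in ZstandardStream is tested before `self.current_frame_decompressed_size += size;`, so it only sees the total from earlier blocks; a block that pushes the frame past its declared content size is accepted and flagged, at the earliest, when the next block is decoded. Moving the test below the increment closes that gap, and the capture then needs another name because it would shadow the local, e.g. `if (self.frame_context.content_size) |content_size| { if (self.current_frame_decompressed_size > content_size) return error.MalformedFrame; }`. The first decompress.zig hunk has the same ordering: `dest.items.len - initial_len > size` runs before `dest.appendSlice`, so one oversized block is still appended, and `if (dest.items.len - initial_len + written_size > size) {` would reject it before the buffer grows. Both functions continue outside their hunks, so whether an overrun on the last block of a stream frame is caught later cannot be seen from here.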
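Review bot: The same over-size condition is reported under two names in this commit, `error.BadContentSize` in this hunk and `error.MalformedFrame` in the ZstandardStream hunk, which makes it harder for a caller to handle an oversized frame uniformly. If the stream's error set (declared outside the hunk) can carry it, returning `error.BadContentSize` in both places would keep them aligned. Otherwise a short comment on the stream check, such as `// declared content size exceeded; the ArrayList decoder reports this as BadContentSize`, would document the difference.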
@@ -508,9 +513,8 @@ pub fn decodeZstandardFrameBlocksArrayList(
 }
 if (block_header.last_block) break;
 }
- const added_len = dest.items.len - initial_len;
 if (frame_context.content_size) |size| {
- if (added_len != size) {
+ if (dest.items.len - initial_len != size) {
 return error.BadContentSize;
 }
 }