Add more sanity checks to lzma_stream_buffer_decode().

author: Lasse Collin <lasse.collin@tukaani.org> 2009-01-26 14:33:28 +0200
committer: Lasse Collin <lasse.collin@tukaani.org> 2009-01-26 14:33:28 +0200
commit: 5fb34d8324d3e7e0061df25d0086b64c8726b19d (patch)
tree: f90e4c74682049d8cc74c3766259e1b3b063e157 /src/liblzma/common
parent: Avoid hardcoded constant in easy.c. (diff)
download: xz-5fb34d8324d3e7e0061df25d0086b64c8726b19d.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/liblzma/common/stream_buffer_decoder.c b/src/liblzma/common/stream_buffer_decoder.c
index 2418e420..aef2b982 100644
--- a/src/liblzma/common/stream_buffer_decoder.c
+++ b/src/liblzma/common/stream_buffer_decoder.c
@@ -26,6 +26,13 @@ lzma_stream_buffer_decode(uint64_t *memlimit, uint32_t flags,
 		const uint8_t *in, size_t *in_pos, size_t in_size,
 		uint8_t *out, size_t *out_pos, size_t out_size)
 {
+	// Sanity checks
+	if (in_pos == NULL || (in == NULL && *in_pos != in_size)
+			|| *in_pos > in_size || out_pos == NULL
+			|| (out == NULL && *out_pos != out_size)
+			|| *out_pos > out_size)
+		return LZMA_PROG_ERROR;
+
 	// Catch flags that are not allowed in buffer-to-buffer decoding.
 	if (flags & LZMA_TELL_ANY_CHECK)
 		return LZMA_PROG_ERROR;
author	Lasse Collin <lasse.collin@tukaani.org>	2009-01-26 14:33:28 +0200
committer	Lasse Collin <lasse.collin@tukaani.org>	2009-01-26 14:33:28 +0200
commit	5fb34d8324d3e7e0061df25d0086b64c8726b19d (patch)
tree	f90e4c74682049d8cc74c3766259e1b3b063e157 /src/liblzma/common
parent	Avoid hardcoded constant in easy.c. (diff)
download	xz-5fb34d8324d3e7e0061df25d0086b64c8726b19d.tar.xz