aboutsummaryrefslogtreecommitdiff
path: root/src/liblzma/common
diff options
context:
space:
mode:
authorLasse Collin <lasse.collin@tukaani.org>2009-01-26 14:33:28 +0200
committerLasse Collin <lasse.collin@tukaani.org>2009-01-26 14:33:28 +0200
commit5fb34d8324d3e7e0061df25d0086b64c8726b19d (patch)
treef90e4c74682049d8cc74c3766259e1b3b063e157 /src/liblzma/common
parentAvoid hardcoded constant in easy.c. (diff)
downloadxz-5fb34d8324d3e7e0061df25d0086b64c8726b19d.tar.xz
Add more sanity checks to lzma_stream_buffer_decode().
Diffstat (limited to 'src/liblzma/common')
-rw-r--r--src/liblzma/common/stream_buffer_decoder.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/liblzma/common/stream_buffer_decoder.c b/src/liblzma/common/stream_buffer_decoder.c
index 2418e420..aef2b982 100644
--- a/src/liblzma/common/stream_buffer_decoder.c
+++ b/src/liblzma/common/stream_buffer_decoder.c
@@ -26,6 +26,13 @@ lzma_stream_buffer_decode(uint64_t *memlimit, uint32_t flags,
const uint8_t *in, size_t *in_pos, size_t in_size,
uint8_t *out, size_t *out_pos, size_t out_size)
{
+ // Sanity checks
+ if (in_pos == NULL || (in == NULL && *in_pos != in_size)
+ || *in_pos > in_size || out_pos == NULL
+ || (out == NULL && *out_pos != out_size)
+ || *out_pos > out_size)
+ return LZMA_PROG_ERROR;
+
// Catch flags that are not allowed in buffer-to-buffer decoding.
if (flags & LZMA_TELL_ANY_CHECK)
return LZMA_PROG_ERROR;