summaryrefslogtreecommitdiffstats
path: root/lib/decompress_unzstd.c
diff options
context:
space:
mode:
authorPaul Cercueil <paul@crapouillou.net>2020-09-01 16:26:50 +0200
committerThomas Bogendoerfer <tsbogend@alpha.franken.de>2020-09-03 10:13:09 +0200
commit1c4dd334df3a0627ff57b35612057e2b497e373b (patch)
tree0ad03f863d2c803b825494d8d111fc87f2a91512 /lib/decompress_unzstd.c
parentMIPS: SGI-IP32: No need to include mc14818*.h (diff)
downloadlinux-1c4dd334df3a0627ff57b35612057e2b497e373b.tar.xz
linux-1c4dd334df3a0627ff57b35612057e2b497e373b.zip
lib: decompress_unzstd: Limit output size
The zstd decompression code, as it is right now, will most likely fail on 32-bit systems, as the default output buffer size causes the buffer's end address to overflow. Address this issue by setting a sane default to the default output size, with a value that won't overflow the buffer's end address. Signed-off-by: Paul Cercueil <paul@crapouillou.net> Reviewed-by: Nick Terrell <terrelln@fb.com> Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Diffstat (limited to 'lib/decompress_unzstd.c')
-rw-r--r--lib/decompress_unzstd.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/decompress_unzstd.c b/lib/decompress_unzstd.c
index 0ad2c15479ed..790abc472f5b 100644
--- a/lib/decompress_unzstd.c
+++ b/lib/decompress_unzstd.c
@@ -178,8 +178,13 @@ static int INIT __unzstd(unsigned char *in_buf, long in_len,
int err;
size_t ret;
+ /*
+ * ZSTD decompression code won't be happy if the buffer size is so big
+ * that its end address overflows. When the size is not provided, make
+ * it as big as possible without having the end address overflow.
+ */
if (out_len == 0)
- out_len = LONG_MAX; /* no limit */
+ out_len = UINTPTR_MAX - (uintptr_t)out_buf;
if (fill == NULL && flush == NULL)
/*