1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/lib/compression
Douglas Bagnall 6f77b376d4 compression/huffman: avoid semi-defined behaviour in decompress
We had

               output[output_pos - distance];

where output_pos and distance are size_t and distance can be greater
than output_pos (because it refers to a place in the previous block).

The underflow is defined, leading to a big number, and when
sizeof(size_t) == sizeof(*uint8_t) the subsequent overflow works as
expected. But if size_t is smaller than a pointer, bad things will
happen.

This was found by OSSFuzz with
'UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1'.

Credit to OSSFuzz.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
..
tests lib/compression: Include missing stat header file 2022-12-06 11:39:16 +00:00
lzxpress_huffman.c compression/huffman: avoid semi-defined behaviour in decompress 2022-12-19 22:32:35 +00:00
lzxpress_huffman.h lib/compression: LZ77 + Huffman compression 2022-12-01 22:56:39 +00:00
lzxpress.c lib/compression/lzxpress: fix our slow compression 2022-12-02 00:00:04 +00:00
lzxpress.h
wscript_build lib/comression: convert test_lzxpress_plain to cmocka 2022-12-01 22:56:39 +00:00