Fix possible null pointer dereference in lz4_filter_read_legacy_stream()

Reported-By: OSS-Fuzz issue 453
author: Martin Matuska <martin@matuska.org> 2017-01-24 23:50:04 +0100
committer: Martin Matuska <martin@matuska.org> 2017-01-24 23:53:51 +0100
commit: 51d7afd3644fdad725dd8faa7606b864fd125f88 (patch)
tree: 2a5b587a1b005714b9a5af7b3b0177d75dad0858 /libarchive/archive_read_support_filter_lz4.c
parent: ab310dbcc03aee3efcf39fd4811e4d90350e4be3 (diff)
download: libarchive-51d7afd3644fdad725dd8faa7606b864fd125f88.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libarchive/archive_read_support_filter_lz4.c b/libarchive/archive_read_support_filter_lz4.c
index 4c66ed04..663e2d3d 100644
--- a/libarchive/archive_read_support_filter_lz4.c
+++ b/libarchive/archive_read_support_filter_lz4.c
@@ -706,6 +706,11 @@ lz4_filter_read_legacy_stream(struct archive_read_filter *self, const void **p)
 	/* Make sure we have a whole block. */
 	read_buf = __archive_read_filter_ahead(self->upstream,
 	    4 + compressed, NULL);
+	if (read_buf == NULL) {
+		archive_set_error(&(self->archive->archive),
+		    ARCHIVE_ERRNO_MISC, "truncated lz4 input");
+		return (ARCHIVE_FATAL);
+	}
 	ret = LZ4_decompress_safe(read_buf + 4, state->out_block,
 	    compressed, (int)state->out_block_size);
 	if (ret < 0) {
author	Martin Matuska <martin@matuska.org>	2017-01-24 23:50:04 +0100
committer	Martin Matuska <martin@matuska.org>	2017-01-24 23:53:51 +0100
commit	51d7afd3644fdad725dd8faa7606b864fd125f88 (patch)
tree	2a5b587a1b005714b9a5af7b3b0177d75dad0858 /libarchive/archive_read_support_filter_lz4.c
parent	ab310dbcc03aee3efcf39fd4811e4d90350e4be3 (diff)
download	libarchive-51d7afd3644fdad725dd8faa7606b864fd125f88.tar.gz