diff options
author | Martin Matuska <martin@matuska.org> | 2017-01-24 23:50:04 +0100 |
---|---|---|
committer | Martin Matuska <martin@matuska.org> | 2017-01-24 23:53:51 +0100 |
commit | 51d7afd3644fdad725dd8faa7606b864fd125f88 (patch) | |
tree | 2a5b587a1b005714b9a5af7b3b0177d75dad0858 /libarchive/archive_read_support_filter_lz4.c | |
parent | ab310dbcc03aee3efcf39fd4811e4d90350e4be3 (diff) | |
download | libarchive-51d7afd3644fdad725dd8faa7606b864fd125f88.tar.gz |
Fix possible null pointer dereference in lz4_filter_read_legacy_stream()
Reported-By: OSS-Fuzz issue 453
Diffstat (limited to 'libarchive/archive_read_support_filter_lz4.c')
-rw-r--r-- | libarchive/archive_read_support_filter_lz4.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libarchive/archive_read_support_filter_lz4.c b/libarchive/archive_read_support_filter_lz4.c index 4c66ed04..663e2d3d 100644 --- a/libarchive/archive_read_support_filter_lz4.c +++ b/libarchive/archive_read_support_filter_lz4.c @@ -706,6 +706,11 @@ lz4_filter_read_legacy_stream(struct archive_read_filter *self, const void **p) /* Make sure we have a whole block. */ read_buf = __archive_read_filter_ahead(self->upstream, 4 + compressed, NULL); + if (read_buf == NULL) { + archive_set_error(&(self->archive->archive), + ARCHIVE_ERRNO_MISC, "truncated lz4 input"); + return (ARCHIVE_FATAL); + } ret = LZ4_decompress_safe(read_buf + 4, state->out_block, compressed, (int)state->out_block_size); if (ret < 0) { |