Fix bug that could cause reallocation in brotli decompressed blocks

This ultimately could have led to corruption and was caught by ASAN.
2025-09-08 11:59:48 -04:00 · 2023-07-11 19:18:40 +02:00 · 2023-07-11 19:18:40 +02:00 · 18e0027588
commit 18e0027588
parent 10924eb319
1 changed files with 11 additions and 0 deletions
--- a/src/dwarfs/compression/brotli.cpp
+++ b/src/dwarfs/compression/brotli.cpp
@ -19,6 +19,8 @@
 * along with dwarfs.  If not, see <https://www.gnu.org/licenses/>.
 */

+#include <cassert>
+
 #include <brotli/decode.h>
 #include <brotli/encode.h>

@ -114,6 +116,15 @@ class brotli_block_decompressor final : public block_decompressor::impl {

  bool decompress_frame(size_t frame_size) override {
    size_t pos = decompressed_.size();
+
+    if (pos + frame_size > uncompressed_size_) {
+      assert(uncompressed_size_ >= pos);
+      frame_size = uncompressed_size_ - pos;
+    }
+
+    assert(pos + frame_size <= uncompressed_size_);
+    assert(frame_size > 0);
+
    decompressed_.resize(pos + frame_size);
    uint8_t* next_out = &decompressed_[pos];