From 18e00275883e2402d610cebe3b9d2c8633511b66 Mon Sep 17 00:00:00 2001
From: Marcus Holland-Moritz <github@mhxnet.de>
Date: Tue, 11 Jul 2023 19:18:40 +0200
Subject: [PATCH] Fix bug that could cause reallocation in brotli decompressed
 blocks

This ultimately could have led to corruption and was caught by ASAN.
---
 src/dwarfs/compression/brotli.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/dwarfs/compression/brotli.cpp b/src/dwarfs/compression/brotli.cpp
index 0709a6c7..d3426b5b 100644
--- a/src/dwarfs/compression/brotli.cpp
+++ b/src/dwarfs/compression/brotli.cpp
@@ -19,6 +19,8 @@
  * along with dwarfs.  If not, see <https://www.gnu.org/licenses/>.
  */
 
+#include <cassert>
+
 #include <brotli/decode.h>
 #include <brotli/encode.h>
 
@@ -114,6 +116,15 @@ class brotli_block_decompressor final : public block_decompressor::impl {
 
   bool decompress_frame(size_t frame_size) override {
     size_t pos = decompressed_.size();
+
+    if (pos + frame_size > uncompressed_size_) {
+      assert(uncompressed_size_ >= pos);
+      frame_size = uncompressed_size_ - pos;
+    }
+
+    assert(pos + frame_size <= uncompressed_size_);
+    assert(frame_size > 0);
+
     decompressed_.resize(pos + frame_size);
     uint8_t* next_out = &decompressed_[pos];