From c3aaada8ac7c1182ee9452cfaf91da1bab22cd3a Mon Sep 17 00:00:00 2001 From: Davide Berardi Date: Tue, 26 Jan 2021 17:23:03 +0100 Subject: [PATCH] Return coherency and signed overflow --- snappy-fox.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/snappy-fox.c b/snappy-fox.c index 733caf9..0345ba2 100644 --- a/snappy-fox.c +++ b/snappy-fox.c @@ -111,8 +111,11 @@ static int32_t parse_literal(uint8_t *cdata, uint32_t cidx, uint32_t clength, return -1; lenval = (int32_t)lenval_u; + if (*idx > length || clen > length) + return -1; + if (*idx + clen > length) - return -9; + return -1; prdebug("Copying literal %d bytes at (u:%d c:%d (%lu))\n", clen, *idx, offsetval, offsetval);