LIT Input: Fix a buffer overflow caused by malformed LIT files

Fixes #1713716 [Private bug](https://bugs.launchpad.net/calibre/+bug/1713716)
Kovid Goyal 2017-08-29 20:11:00 +05:30
parent d77a86e803
commit 181f595294
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C


@ -403,8 +403,13 @@ struct lzxd_stream *lzxd_init(struct mspack_system *system,
/* LZX supports window sizes of 2^15 (32Kb) through 2^21 (2Mb) */
if (window_bits < 15 || window_bits > 21) return NULL;
if (reset_interval < 0 || output_length < 0) {
D(("reset interval or output length < 0"))
return NULL;
}
input_buffer_size = (input_buffer_size + 1) & -2;
if (!input_buffer_size) return NULL;
if (input_buffer_size < 2) return NULL;
/* initialise static data */
lzxd_static_init();
@ -458,7 +463,7 @@ struct lzxd_stream *lzxd_init(struct mspack_system *system,
}
void lzxd_set_output_length(struct lzxd_stream *lzx, off_t out_bytes) {
if (lzx) lzx->length = out_bytes;
if (lzx && out_bytes > 0) lzx->length = out_bytes;
}
int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) {
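Review bot: In the first hunk the rounding `input_buffer_size = (input_buffer_size + 1) & -2;` still runs before the new `input_buffer_size < 2` test, so the range check only sees the value after the `+ 1`. If the parameter is a signed int (its declaration is outside the hunk, but the switch from `!input_buffer_size` to `< 2` suggests it), a value at the type's maximum overflows in the addition, which is undefined behaviour, before anything rejects it. Rejecting out-of-range sizes ahead of the rounding closes that, e.g. `if (input_buffer_size < 1 || input_buffer_size > INT_MAX - 1) return NULL;` (needs `<limits.h>`), and leaves the accept/reject result unchanged for every other value. lzxd_init starts and ends outside the hunk.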