mirror of https://github.com/RGBCube/serenity synced 2025-07-26 06:07:44 +00:00

LibCompress: Avoid buffer overrun when building canonical Huffman code

Previously, decompressing a DEFLATE stream with an invalid canonical
Huffman code could cause a buffer overrun. We now return an error in
this case.
Tim Ledbetter 2023-10-09 17:54:49 +01:00 committed by Tim Schumacher
parent bc6638682d
commit 2f26a7bb12
2 changed files with 10 additions and 0 deletions


@ -100,6 +100,9 @@ ErrorOr<CanonicalCode> CanonicalCode::from_bytes(ReadonlyBytes bytes)
return Error::from_string_literal("Failed to decode code lengths");
if (code_length <= CanonicalCode::max_allowed_prefixed_code_length) {
if (number_of_prefix_codes >= prefix_codes.size())
return Error::from_string_literal("Invalid canonical Huffman code");
auto& prefix_code = prefix_codes[number_of_prefix_codes++];
prefix_code.symbol_code = next_code;
prefix_code.symbol_value = symbol;