commit 8d6940814a90166e468cee810820e8fc5b74e89d
parent 7f3dc8327ac1f6b4a0ec377b5ec04e279b682cab
Author: Alexander Færøy <ahf@torproject.org>
Date: Thu, 28 Sep 2017 16:46:10 +0200
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.
See: https://bugs.torproject.org/23551
Diffstat:
2 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/changes/bug23551 b/changes/bug23551
@@ -0,0 +1,3 @@
+ o Minor bugfixes (compression):
+ - Handle a pathological case when decompressing Zstandard data when the
+ output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
diff --git a/src/common/compress.c b/src/common/compress.c
@@ -546,6 +546,13 @@ tor_compress_process(tor_compress_state_t *state,
const size_t out_len_orig = *out_len;
tor_compress_output_t rv;
+ if (*out_len == 0 && (*in_len > 0 || finish)) {
+ // If we still have input data, but no space for output data, we might as
+ // well return early and let the caller do the reallocation of the out
+ // variable.
+ return TOR_COMPRESS_BUFFER_FULL;
+ }
+
switch (state->method) {
case GZIP_METHOD:
case ZLIB_METHOD:
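Review bot: The comment on the new guard at the top of tor_compress_process() describes only the `*in_len > 0` half of the condition, while the guard also returns TOR_COMPRESS_BUFFER_FULL when `finish` is set and no input is left; I would extend it with something like `// Also taken when finish is set and no input remains: the backend may still need room to write its epilogue.` Because the return sits ahead of `switch (state->method)`, it applies to every method, not only the Zstandard case named in changes/bug23551, and it reports BUFFER_FULL with neither `*in_len` nor `*out_len` changed. Callers are not visible here, so it is worth confirming that each one enlarges the output buffer before retrying, since a caller that retries with the same zero-length buffer on untrusted compressed data would never make progress. The function body starts and ends outside the hunk.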