
Missing check on failed allocation leads to NULL-ptr dereference

Open benhawkes opened this issue 1 year ago • 1 comments

Describe the bug

In the ZBUFFv06_createDCtx function in lib/legacy/zstd_v06.c, there is an unchecked allocation failure that can result in a NULL-ptr dereference when calling ZSTD_decompressStream in low-memory conditions. Specifically the following line in ZBUFFv06_createDCtx is unchecked:

zbd->zd = ZSTDv06_createDCtx();

If this allocation fails, a NULL-ptr dereference in ZSTDv06_decompressBegin (via ZSTDv06_decompressBegin_usingDict) can be observed.

It looks like there are similar cases in lib/legacy/zstd_v05.c and lib/legacy/zstd_v04.c

benhawkes avatar Apr 16 '24 17:04 benhawkes

Seems like a one-liner fix, just added a patch for it.

Adenilson avatar May 17 '24 20:05 Adenilson
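
The pattern reported in this issue, as an added example that is neither zstd's code nor the patch mentioned in the thread: a create function that stores an unchecked inner allocation, next to a form that checks it and unwinds. All type and function names are hypothetical stand-ins, and the allocator is a constructed fault injector that simulates the low-memory condition.

```c
#include <stdlib.h>

/* Hypothetical stand-ins (not zstd's types): an outer context owning an inner one. */
typedef struct { int stage; } inner_ctx;
typedef struct { inner_ctx *zd; } outer_ctx;
static int allocs_left = -1;   /* constructed fault injector: -1 never fails */

static void *fi_malloc(size_t n) {
    if (allocs_left == 0) return NULL;     /* simulated low-memory condition */
    if (allocs_left > 0) allocs_left--;
    return calloc(1, n);
}

static inner_ctx *inner_create(void) { return fi_malloc(sizeof(inner_ctx)); }

/* Unchecked form: can return a half-built context whose zd is NULL. */
static outer_ctx *outer_create_unchecked(void) {
    outer_ctx *o = fi_malloc(sizeof *o);
    if (o == NULL) return NULL;
    o->zd = inner_create();
    return o;
}

/* Checked form: an inner failure frees the outer context and reports NULL. */
static outer_ctx *outer_create_checked(void) {
    outer_ctx *o = fi_malloc(sizeof *o);
    if (o == NULL) return NULL;
    o->zd = inner_create();
    if (o->zd == NULL) { free(o); return NULL; }
    return o;
}

static void outer_free(outer_ctx *o) { if (o) { free(o->zd); free(o); } }

/* Stand-in for the later call that uses zd; an unguarded version would dereference NULL. */
static int decode_begin(outer_ctx *o) {
    if (o == NULL || o->zd == NULL) return -1;
    o->zd->stage = 1;
    return 0;
}

int main(void) {
    allocs_left = 1;                       /* outer allocation succeeds, inner one fails */
    outer_ctx *u = outer_create_unchecked();
    int half_built = (u != NULL && u->zd == NULL);
    outer_free(u);
    allocs_left = 1;
    return (half_built && outer_create_checked() == NULL) ? 0 : 1;
}
```

With the checked form, callers see the failure at creation time, where a NULL return is already the expected error path, instead of at first use.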