From 332294d711adfbf0d6afc8bba5dc325370282055 Mon Sep 17 00:00:00 2001 From: pawanjay176 Date: Thu, 7 May 2020 01:43:49 +0530 Subject: [PATCH] fix unsafe subtraction in FrameDecoder --- src/error.rs | 5 ++--- src/read.rs | 12 ++++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/error.rs b/src/error.rs index e2b2c6f..be23d79 100644 --- a/src/error.rs +++ b/src/error.rs @@ -153,9 +153,8 @@ pub enum Error { /// The chunk type byte that was read. byte: u8, }, - /// This error occurs when trying to read a chunk with length greater than - /// that supported by this library when reading a Snappy frame formatted - /// stream. + /// This error occurs when trying to read a chunk with an unexpected or + /// incorrect length when reading a Snappy frame formatted stream. /// This error only occurs when reading a Snappy frame formatted stream. UnsupportedChunkLength { /// The length of the chunk encountered. diff --git a/src/read.rs b/src/read.rs index 565595b..362c2d7 100644 --- a/src/read.rs +++ b/src/read.rs @@ -166,6 +166,12 @@ impl io::Read for FrameDecoder { } } Ok(ChunkType::Uncompressed) => { + if len < 4 { + fail!(Error::UnsupportedChunkLength { + len: len as u64, + header: false, + }); + } let expected_sum = bytes::io_read_u32_le(&mut self.r)?; let n = len - 4; if n > self.dst.len() { @@ -187,6 +193,12 @@ impl io::Read for FrameDecoder { self.dste = n; } Ok(ChunkType::Compressed) => { + if len < 4 { + fail!(Error::UnsupportedChunkLength { + len: len as u64, + header: false, + }); + } let expected_sum = bytes::io_read_u32_le(&mut self.r)?; let sn = len - 4; if sn > self.src.len() {