GithubHelp home page GithubHelp logo

Buffer bounds about zstd HOT 4 CLOSED

facebook avatar facebook commented on April 27, 2024
Buffer bounds

from zstd.

Comments (4)

Cyan4973 avatar Cyan4973 commented on April 27, 2024

Hi Luben

Yes that's correct. Zstd is not yet protected against buffer overflow, hence not ready for production usage.

The first error surprised me : ZSTD_compress() is supposed to be protected against overflow, because it requires maxDstSize >= ZSTD_compressBound(rawSize).
But looking at the code, it seems this protection was removed during one of the refactoring exercise. Not a huge deal, since this protection is supposed to be temporary, but as long as the definitive solution is not avaiable, it should stay around, so I'll update the code to re-instate that condition.

ZSTD_decompress(), on the other hand, is more difficult to protect. So it will require a bit more time to get there.

Best Regards

from zstd.

Cyan4973 avatar Cyan4973 commented on April 27, 2024

Latest version in "dev" branch seems to correctly prevent buffer overflow during compression.
On the other hand, decompression side still needs to be done.

For the record, here is my slightly modified version of your very useful test program :

#include <stdio.h>
#include <stdlib.h>
#include "zstd.h"

#define SAMPLE_SIZE 1000
#define CBUFF_SIZE (ZSTD_compressBound(SAMPLE_SIZE)) 
#define DBUFF_SIZE (SAMPLE_SIZE-100)
int main(int argc, char **argv ) {
    char *raw = (char *)malloc(SAMPLE_SIZE);
    char compressed[CBUFF_SIZE];
    char decompressed[DBUFF_SIZE];
    size_t i, ccode, dcode;

    // fill it with ones
    for (i=0; i<1000; i++) raw[i] = 1;

    ccode = ZSTD_compress(compressed, 20, raw, SAMPLE_SIZE);
    printf("Max 20 : Compression code %zu\n", ccode);   /* will correctly return an error code */
    ccode = ZSTD_compress(compressed, CBUFF_SIZE, raw, SAMPLE_SIZE);
    printf("Max CBUFF_SIZE : Compression code %zu\n", ccode);
    dcode = ZSTD_decompress(decompressed, DBUFF_SIZE, compressed, ccode);   /* will smash the stack */
    printf("Decompression code %zu\n", dcode);
    return 0;
}

from zstd.

Cyan4973 avatar Cyan4973 commented on April 27, 2024

By the way, the decoding side of this issue seems technically the same as #11. Maybe we should fold both issues into one.

from zstd.

Cyan4973 avatar Cyan4973 commented on April 27, 2024

Merged this issue into #11

from zstd.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.