evesque / fastlz

Automatically exported from code.google.com/p/fastlz

Can read past end of input #9

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,

The following program makes FastLZ read past the end of its input, possibly 
causing a crash:

#include <string.h>
#include <stdlib.h>
#include "fastlz.h"

int main(int argc, char** argv)
{
        char out[4096];
        char *in = (char *)malloc(6);
        in[0] = 0x23;
        in[1] = 0x00;
        in[2] = 0x00;
        in[3] = 0x00;
        in[4] = 0x00;
        in[5] = 0x40;

        return fastlz_decompress(in, 6, out, 4096);
}

You can verify the read-past-end behavior with Valgrind or similar.

Original issue reported on code.google.com by sgunder...@bigfoot.com on 1 Mar 2012 at 6:17
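
A bounds-checked walk over the token stream shows where the reported input runs out. This is an added example, not FastLZ code and not part of the original report; the token layout in the comment is an assumed reading of the level-2 format, and `first_truncated_token` is a hypothetical name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not FastLZ source. ASSUMED level-2 token layout:
 *   byte 0     : low 5 bits = first control value (a literal run)
 *   ctrl < 32  : literal run, ctrl+1 bytes follow
 *   ctrl >= 32 : match; if (ctrl >> 5) == 7, length bytes follow until one
 *                is not 255; then one offset byte; if that byte is 255 and
 *                (ctrl & 31) == 31, two more offset bytes follow.
 * Returns -1 if every token's operands fit in the buffer, else the index
 * of the first token that would be read past the end. */
#define NEED(n) do { if ((size_t)(n) > len - ip) return (long)tok; } while (0)

long first_truncated_token(const uint8_t *in, size_t len)
{
    size_t ip = 1, tok = 0;
    unsigned ctrl;

    if (len == 0) return 0;                 /* no header byte at all */
    ctrl = in[0] & 31;
    for (;;) {
        if (ctrl < 32) {
            NEED(ctrl + 1);                 /* whole literal run present? */
            ip += ctrl + 1;
        } else {
            uint8_t b;
            if ((ctrl >> 5) == 7)
                do { NEED(1); b = in[ip++]; } while (b == 255);
            NEED(1);                        /* offset byte */
            b = in[ip++];
            if (b == 255 && (ctrl & 31) == 31) { NEED(2); ip += 2; }
        }
        if (ip >= len) return -1;           /* input consumed exactly */
        tok = ip;
        ctrl = in[ip++];
    }
}

int main(void)
{
    /* The six bytes from the report above. */
    const uint8_t report[6] = { 0x23, 0x00, 0x00, 0x00, 0x00, 0x40 };
    printf("first truncated token at index %ld\n",
           first_truncated_token(report, sizeof report));
    return 0;
}
```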