Closed GoogleCodeExporter closed 8 years ago
Well, i guess your statement is correct.
For a more complete picture, here is what kind of protection the function
provides :
The function indeed never writes outside of output buffer.
It also never writes into, nor outside of input buffer.
it never "reads" outside of output buffer,
and never "reads" before input buffer.
So i guess it remains the risk that it can be instructed to "read" after input
buffer, especially if the data is hand-crafted for this objective. Not sure if
it is enough to execute a malicious code (i guess not), but this could
nonetheless be considered an attack.
Maybe LZ4_uncompress_unknownOutputSize() could be renamed into
LZ4_uncompress_safe(), or something like that....
Original comment by yann.col...@gmail.com
on 31 Oct 2012 at 4:27
I'll look into it.
Original comment by yann.col...@gmail.com
on 31 Oct 2012 at 4:28
Corrected into r82.
Original comment by yann.col...@gmail.com
on 3 Nov 2012 at 9:06
Original issue reported on code.google.com by
palsto...@gmail.com
on 31 Oct 2012 at 2:12