Open MarekKnapek opened 5 months ago
Discovered by fuzzing, report could be seen at: https://github.com/MarekKnapek/bcomp/actions/runs/9100798887/job/25016445618#step:3:59
Sure, this is the same reason as the previous issue. Will add another width check in the code to avoid this risk.
Thanks a lot!
Fixed this issue and considering merging your efforts. But the previous PR contains some conflicts. I need to resolve them.
Create file with length of 6 bytes: 0xe2 0x00 0xff 0xff 0x00 0x04 and try to decompress it. Result is stack buffer overflow accessing variable dict_elems, it uses index 7. But the array has size only of [6] elements.