Decompressing random file fails with buffer overflow at line 477.

zhenrong-wang / bcomp

A bit-based, simple algorithm for lossless compression.

MIT License

11 stars 3 forks source link

Decompressing random file fails with buffer overflow at line 477. #4

Open MarekKnapek opened 5 months ago

MarekKnapek commented 5 months ago

Create file with length of 6 bytes: 0xe2 0x00 0xff 0xff 0x00 0x04 and try to decompress it. Result is stack buffer overflow accessing variable dict_elems, it uses index 7. But the array has size only of [6] elements.

MarekKnapek commented 5 months ago

Discovered by fuzzing, report could be seen at: https://github.com/MarekKnapek/bcomp/actions/runs/9100798887/job/25016445618#step:3:59

zhenrong-wang commented 5 months ago

Sure this is the same reason as the previous issue. Will add another width check in the code to avoid this risk.

Thanks a lot!

zhenrong-wang commented 5 months ago

Fixed this issue and considering merge your efforts. But the previous PR contains some conflict. I need to resolve them.