Commit 97e514bf authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

decomp: fix heap overflow and cleanup (fixes #12052)

(cherry picked from commit aed1b6da46d484f18dbb36dbb5e62c4d4f9ec070)
parent ae2e2e4d
......@@ -183,16 +183,19 @@ static int Peek (stream_t *, const uint8_t **, unsigned int);
*/
static int Read (stream_t *stream, void *buf, unsigned int buflen)
{
stream_sys_t *p_sys = stream->p_sys;
block_t *peeked;
ssize_t length;
stream_sys_t *sys = stream->p_sys;
unsigned ret = 0;
if (buf == NULL) /* caller skips data, get big enough peek buffer */
buflen = Peek (stream, &(const uint8_t *){ NULL }, buflen);
if ((peeked = p_sys->peeked) != NULL)
block_t *peeked = sys->peeked;
if (peeked != NULL)
{ /* dequeue peeked data */
length = (buflen > peeked->i_buffer) ? peeked->i_buffer : buflen;
size_t length = peeked->i_buffer;
if (length > buflen)
length = buflen;
if (buf != NULL)
{
memcpy (buf, peeked->p_buffer, length);
......@@ -201,24 +204,25 @@ static int Read (stream_t *stream, void *buf, unsigned int buflen)
buflen -= length;
peeked->p_buffer += length;
peeked->i_buffer -= length;
if (peeked->i_buffer == 0)
{
block_Release (peeked);
p_sys->peeked = NULL;
sys->peeked = NULL;
}
p_sys->offset += length;
if (buflen > 0)
length += Read (stream, ((char *)buf) + length, buflen - length);
return length;
sys->offset += length;
ret += length;
}
assert ((buf != NULL) || (buflen == 0));
length = net_Read (stream, p_sys->read_fd, NULL, buf, buflen, false);
if (length < 0)
return 0;
p_sys->offset += length;
return length;
ssize_t val = net_Read (stream, sys->read_fd, NULL, buf, buflen, false);
if (val > 0)
{
sys->offset += val;
ret += val;
}
return ret;
}
/**
......@@ -226,23 +230,32 @@ static int Read (stream_t *stream, void *buf, unsigned int buflen)
*/
static int Peek (stream_t *stream, const uint8_t **pbuf, unsigned int len)
{
stream_sys_t *p_sys = stream->p_sys;
block_t *peeked = p_sys->peeked;
size_t curlen = 0;
int fd = p_sys->read_fd;
stream_sys_t *sys = stream->p_sys;
block_t *peeked = sys->peeked;
size_t curlen;
if (peeked == NULL)
peeked = block_Alloc (len);
else if ((curlen = peeked->i_buffer) < len)
if (peeked != NULL)
{
curlen = peeked->i_buffer;
if (curlen < len)
peeked = block_Realloc (peeked, 0, len);
}
else
{
curlen = 0;
peeked = block_Alloc (len);
}
if ((p_sys->peeked = peeked) == NULL)
sys->peeked = peeked;
if (unlikely(peeked == NULL))
return 0;
while (curlen < len)
{
ssize_t val = net_Read (stream, fd, NULL, peeked->p_buffer + curlen,
len - curlen, false);
ssize_t val;
val = net_Read (stream, sys->read_fd, NULL,
peeked->p_buffer + curlen, len - curlen, false);
if (val <= 0)
break;
curlen += val;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment