From 0ca1297ff1c4512445ea57dbedaaf88f247f62fb Mon Sep 17 00:00:00 2001 From: Martin Liska Date: Tue, 27 Aug 2024 10:00:36 +0200 Subject: [PATCH 1/2] Add check for uncompressed data --- src/read/mod.rs | 63 ++++++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/src/read/mod.rs b/src/read/mod.rs index 50bcd7b2..2366e1cf 100644 --- a/src/read/mod.rs +++ b/src/read/mod.rs @@ -966,31 +966,7 @@ impl<'data> CompressedData<'data> { match self.format { CompressionFormat::None => Ok(Cow::Borrowed(self.data)), #[cfg(feature = "compression")] - CompressionFormat::Zlib => { - use core::convert::TryInto; - let size = self - .uncompressed_size - .try_into() - .ok() - .read_error("Uncompressed data size is too large.")?; - let mut decompressed = Vec::new(); - decompressed - .try_reserve_exact(size) - .ok() - .read_error("Uncompressed data allocation failed")?; - let mut decompress = flate2::Decompress::new(true); - decompress - .decompress_vec( - self.data, - &mut decompressed, - flate2::FlushDecompress::Finish, - ) - .ok() - .read_error("Invalid zlib compressed data")?; - Ok(Cow::Owned(decompressed)) - } - #[cfg(feature = "compression")] - CompressionFormat::Zstandard => { + CompressionFormat::Zlib | CompressionFormat::Zstandard => { use core::convert::TryInto; use std::io::Read; let size = self @@ -1003,13 +979,36 @@ impl<'data> CompressedData<'data> { .try_reserve_exact(size) .ok() .read_error("Uncompressed data allocation failed")?; - let mut decoder = ruzstd::StreamingDecoder::new(self.data) - .ok() - .read_error("Invalid zstd compressed data")?; - decoder - .read_to_end(&mut decompressed) - .ok() - .read_error("Invalid zstd compressed data")?; + + match self.format { + CompressionFormat::Zlib => { + let mut decompress = flate2::Decompress::new(true); + decompress + .decompress_vec( + self.data, + &mut decompressed, + flate2::FlushDecompress::Finish, + ) + .ok() + .read_error("Invalid zlib compressed data")?; + } + CompressionFormat::Zstandard => { + let mut decoder = ruzstd::StreamingDecoder::new(self.data) + .ok() + .read_error("Invalid zstd compressed data")?; + decoder + .read_to_end(&mut decompressed) + .ok() + .read_error("Invalid zstd compressed data")?; + } + _ => unreachable!(), + } + if size != decompressed.len() { + return Err(Error( + "Uncompressed size does not match the uncompressed size declared in the compression header", + )); + } + Ok(Cow::Owned(decompressed)) } _ => Err(Error("Unsupported compressed data.")), From 66b2dcff9a5e2ca30e2326476670707a96b97a1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Li=C5=A1ka?= Date: Tue, 27 Aug 2024 10:29:18 +0200 Subject: [PATCH 2/2] Update src/read/mod.rs Co-authored-by: Philip Craig --- src/read/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/read/mod.rs b/src/read/mod.rs index 2366e1cf..40cba663 100644 --- a/src/read/mod.rs +++ b/src/read/mod.rs @@ -1005,7 +1005,7 @@ impl<'data> CompressedData<'data> { } if size != decompressed.len() { return Err(Error( - "Uncompressed size does not match the uncompressed size declared in the compression header", + "Uncompressed data size does not match compression header", )); }