libelf: check decompressed ZSTD size

Message ID 20231123153147.537151-1-vvvvvv@google.com
State Committed
Headers
Series libelf: check decompressed ZSTD size |

Commit Message

Aleksei Vetrov Nov. 23, 2023, 3:31 p.m. UTC
  Decompression functions like __libelf_decompress_zlib check that
decompressed data has the same size as it was declared in the header
(size_out argument). The same check is now added to
__libelf_decompress_zstd to make sure that the whole allocated buffer is
initialized.

    * libelf/elf_compress.c (__libelf_decompress_zstd): Use return value
      of ZSTD_decompress to check that decompressed data size is the
      same as size_out of the buffer that was allocated.

Signed-off-by: Aleksei Vetrov <vvvvvv@google.com>
---
 libelf/elf_compress.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
  

Comments

Mark Wielaard Nov. 23, 2023, 11:32 p.m. UTC | #1
Hi Aleksei,

On Thu, Nov 23, 2023 at 03:31:47PM +0000, Aleksei Vetrov wrote:
> Decompression functions like __libelf_decompress_zlib check that
> decompressed data has the same size as it was declared in the header
> (size_out argument). The same check is now added to
> __libelf_decompress_zstd to make sure that the whole allocated buffer is
> initialized.
> 
>     * libelf/elf_compress.c (__libelf_decompress_zstd): Use return value
>       of ZSTD_decompress to check that decompressed data size is the
>       same as size_out of the buffer that was allocated.

Thanks, this makes sense. If the decompressed size isn't what was
encoded in the Chdr then we could reduce the size of the d_buf/d_size,
but that probably is not what the user expects. Flagging it as
bad/inconsistent data makes sense. Especially since we do the same for
zlib compressed data.

Pushed,

Mark
  

Patch

diff --git a/libelf/elf_compress.c b/libelf/elf_compress.c
index c7283c6a..0ad6a32a 100644
--- a/libelf/elf_compress.c
+++ b/libelf/elf_compress.c
@@ -422,7 +422,7 @@  __libelf_decompress_zstd (void *buf_in, size_t size_in, size_t size_out)
     }
 
   size_t ret = ZSTD_decompress (buf_out, size_out, buf_in, size_in);
-  if (ZSTD_isError (ret))
+  if (unlikely (ZSTD_isError (ret)) || unlikely (ret != size_out))
     {
       free (buf_out);
       __libelf_seterrno (ELF_E_DECOMPRESS_ERROR);