From 768dedfcdb3b9076c9850a347e7e5ef885cb8a4e Mon Sep 17 00:00:00 2001
From: unknown
Date: Wed, 29 Oct 2025 10:36:51 +0800
Subject: [PATCH] CVE-2025-62813-fix

Signed-off-by: unknown
---
 lib/lz4frame.c | 15 +++++++++++++--
 tests/frametest.c | 7 +++++--
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/lib/lz4frame.c b/lib/lz4frame.c
index f89c055..70a5661 100644
--- a/lib/lz4frame.c
+++ b/lib/lz4frame.c
@@ -539,9 +539,16 @@ LZ4F_CDict*
 LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize)
 {
 const char* dictStart = (const char*)dictBuffer;
- LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
+ LZ4F_CDict* cdict = NULL;
+
 DEBUGLOG(4, "LZ4F_createCDict_advanced");
- if (!cdict) return NULL;
+
+ if (!dictStart)
+ return NULL;
+ cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem);
+ if (!cdict)
+ return NULL;
+
 cdict->cmem = cmem;
 if (dictSize > 64 KB) {
 dictStart += dictSize - 64 KB;
@@ -1486,6 +1493,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_dctx* dctx,
 LZ4F_frameInfo_t* frameInfoPtr,
 const void* srcBuffer, size_t* srcSizePtr)
 {
+ assert(dctx != NULL);
+ RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null);
+ RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null);
+
 LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader);
 if (dctx->dStage > dstage_storeFrameHeader) {
 /* frameInfo already decoded */
diff --git a/tests/frametest.c b/tests/frametest.c
index 74992bc..eaa89b7 100644
--- a/tests/frametest.c
+++ b/tests/frametest.c
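Review bot: In LZ4F_createCDict_advanced the new `if (!dictStart) return NULL;` makes a NULL dictBuffer return the same value as a failed LZ4F_malloc, and nothing in the hunk records that contract. Placing the check before the allocation is right, since the early return then has nothing to free and the later `dictStart += dictSize - 64 KB` never runs on a null pointer. I would add a comment above the check, `/* NULL dictBuffer is rejected even when dictSize == 0; callers get NULL, same as on allocation failure */`, and mirror it in the public header's description of the function if there is one (the diffstat shows only lz4frame.c and frametest.c touched). The function body continues past the end of the hunk.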
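Review bot: In LZ4F_getFrameInfo, `assert(dctx != NULL);` is the only guard on dctx, and an assert is normally compiled out of release builds, so such a build would still reach `dctx->dStage` on the visible line below with a null pointer. The two parameters next to it get a runtime check and dctx should get the same: `RETURN_ERROR_IF(dctx == NULL, parameter_null);`. srcBuffer is not checked here either; whether a later stage rejects it cannot be seen from the hunk, so confirm that before relying on it. The function body continues outside the hunk.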
@@ -714,9 +714,12 @@ static int unitTests(U32 seed, double compressibility)
 size_t const srcSize = 65 KB; /* must be > 64 KB to avoid short-size optimizations */
 size_t const dstCapacity = LZ4F_compressFrameBound(srcSize, NULL);
 size_t cSizeNoDict, cSizeWithDict;
- LZ4F_CDict* const cdict = LZ4F_createCDict(CNBuffer, dictSize);
- if (cdict == NULL) goto _output_error;
+ LZ4F_CDict* cdict = NULL;
+
 CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) );
+ cdict = LZ4F_createCDict(CNBuffer, dictSize);
+ if (cdict == NULL)
+ goto _output_error;
 
 DISPLAYLEVEL(3, "Testing LZ4F_createCDict_advanced : ");
 { LZ4F_CDict* const cda = LZ4F_createCDict_advanced(lz4f_cmem_test, CNBuffer, dictSize);
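Review bot: The test hunk in unitTests reorders the dictionary setup but adds no case that exercises the inputs this patch starts rejecting, so the fix has no regression coverage. Next to the existing LZ4F_createCDict_advanced check I would add `if (LZ4F_createCDict_advanced(lz4f_cmem_test, NULL, dictSize) != NULL) goto _output_error;`, plus a matching LZ4F_getFrameInfo call with a NULL frameInfoPtr that expects an error code. Note also that cdict is now created after the compression context, so a NULL cdict jumps to _output_error with cctx already allocated; the cleanup at that label is outside the hunk and should be checked to release it. unitTests starts and ends outside the hunk.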