Mercurial > libpst
annotate src/lzfu.h @ 359:a3e674fade6c
From Jeffrey Morlan:
pst_parse_block misreads Table Contexts (aka "type 2") with a
multi-block Row Matrix ("ind2"). Rows are never split between blocks -
every block except the last has padding at the end which should be
ignored. I've only seen this affect the recipients table, but
presumably it could affect attachments too. This was causing
out-of-bounds memory ranges to be returned from pst_getBlockOffset and
later access; patch fixes both the table reading issue and adds a
missing bounds check to pst_getBlockOffset (so as not to risk a
segfault if the PST is corrupted).
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 06 Jul 2016 10:20:12 -0700 |
parents | cf3df962f1e5 |
children |
rev | line source |
---|---|
16 | 1 #ifndef LZFU_H |
2 #define LZFU_H | |
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
36
diff
changeset
|
3 |
193 | 4 /** decompress lz compressed rtf data. The initial lz dictionary is preloaded |
5 with rtf specific data. | |
6 * @param rtfcomp pointer to the rtf compressed data | |
7 * @param compsize size of the compressed data buffer | |
8 * @param size pointer to location to return size of the output buffer | |
9 * @return pointer to the output buffer containing the decompressed data. | |
10 * The caller must free this buffer. | |
11 */ | |
172
6954d315aaa8
move version-info into main configure.in, and set it properly.
Carl Byington <carl@five-ten-sg.com>
parents:
75
diff
changeset
|
12 char* pst_lzfu_decompress (char* rtfcomp, uint32_t compsize, size_t *size); |
41
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
36
diff
changeset
|
13 |
183ae993b9ad
security fix for potential buffer overrun in lz decompress
carl
parents:
36
diff
changeset
|
14 #endif |