Missing check on failed allocation leads to NULL-ptr dereference #4026

Open
benhawkes opened this issue Apr 16, 2024 · 1 comment

Comments

@benhawkes

Describe the bug

In the ZBUFFv06_createDCtx function in lib/legacy/zstd_v06.c, there is an unchecked allocation failure that can result in a NULL-ptr dereference when calling ZSTD_decompressStream in low-memory conditions. Specifically the following line in ZBUFFv06_createDCtx is unchecked:

```c
zbd->zd = ZSTDv06_createDCtx();
```

If this allocation fails, a NULL-ptr dereference in ZSTDv06_decompressBegin (via ZSTDv06_decompressBegin_usingDict) can be observed.

It looks like there are similar cases in lib/legacy/zstd_v05.c and lib/legacy/zstd_v04.c.

Adenilson pushed a commit to Adenilson/zstd that referenced this issue May 17, 2024
As reported by Ben Hawkes in facebook#4026, a failure to allocate a zstd context
would lead to a dereference of a NULL pointer due to a missing check
on the returned result of ZSTDv06_createDCtx().

This patch fixes the issue by adding a check for a valid returned pointer.
@Adenilson

Seems like a one-liner fix, just added a patch for it.
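
An added example, not part of the issue thread and not zstd's own code: a minimal C model of the unchecked nested allocation reported above, next to the checked form the commit message describes. The struct layouts, the fault-injecting allocator and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the legacy contexts; NOT zstd's real definitions. */
typedef struct { size_t expected; } inner_dctx;  /* models ZSTDv06_DCtx  */
typedef struct { inner_dctx *zd; } outer_dctx;   /* models ZBUFFv06_DCtx */

/* Fault-injecting allocator (test helper): 0 = next allocation fails,
 * N > 0 = N allocations succeed first, -1 = never fail. */
static int fail_after = -1;
static void *test_malloc(size_t n) {
    if (fail_after == 0) return NULL;
    if (fail_after > 0) fail_after--;
    return malloc(n);
}
static inner_dctx *inner_create(void) { return test_malloc(sizeof(inner_dctx)); }

/* Pattern from the report: the inner allocation result is stored unchecked. */
static outer_dctx *outer_create_unchecked(void) {
    outer_dctx *zbd = test_malloc(sizeof *zbd);
    if (zbd == NULL) return NULL;
    zbd->zd = inner_create();  /* may be NULL; the caller cannot tell */
    return zbd;
}

/* Checked form: release the half-built object and report the failure. */
static outer_dctx *outer_create_checked(void) {
    outer_dctx *zbd = test_malloc(sizeof *zbd);
    if (zbd == NULL) return NULL;
    zbd->zd = inner_create();
    if (zbd->zd == NULL) { free(zbd); return NULL; }
    return zbd;
}

/* Runs a constructor with allocation number nth+1 failing. Returns 1 when the
 * result is safe to use (NULL or fully built), 0 when it hides a NULL member. */
static int survives_oom(outer_dctx *(*create)(void), int nth) {
    fail_after = nth;
    outer_dctx *c = create();
    fail_after = -1;
    int ok = (c == NULL) || (c->zd != NULL);
    if (c != NULL) { free(c->zd); free(c); }
    return ok;
}

int main(void) {
    printf("unchecked safe: %d\n", survives_oom(outer_create_unchecked, 1));
    printf("checked safe:   %d\n", survives_oom(outer_create_checked, 1));
    return 0;
}
```

Failing each allocation in turn, as `survives_oom` does, is a cheap way to find the same pattern in sibling constructors such as the v04 and v05 cases mentioned in the report.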
