LibCompress: Check and fail for input stream errors in DeflateDecompressor

Since we were not checking for error flags set by read_bits we would just always read 0 as the bits' value, which in some edge cases could lead to an infinite loop.
author: Idan Horowitz <idan.horowitz@gmail.com> 2021-03-16 18:28:01 +0200
committer: Andreas Kling <kling@serenityos.org> 2021-03-16 21:57:44 +0100
commit: be5a8d9c7fa800b4f53d5a2bf0a871f0af42f35f (patch)
tree: 57026bf6e1d560929d0235a1c23ce0591a90e33b /Userland/Libraries/LibCompress/Deflate.cpp
parent: 46c7f52896e41ee2743f2434155477852ceff8c6 (diff)
download: serenity-be5a8d9c7fa800b4f53d5a2bf0a871f0af42f35f.zip
1 files changed, 25 insertions, 0 deletions
diff --git a/Userland/Libraries/LibCompress/Deflate.cpp b/Userland/Libraries/LibCompress/Deflate.cpp
index bee132ee2a..5963aa709a 100644
--- a/Userland/Libraries/LibCompress/Deflate.cpp
+++ b/Userland/Libraries/LibCompress/Deflate.cpp
@@ -218,12 +218,22 @@ size_t DeflateDecompressor::read(Bytes bytes)
         m_read_final_bock = m_input_stream.read_bit();
         const auto block_type = m_input_stream.read_bits(2);
 
+        if (m_input_stream.has_any_error()) {
+            set_fatal_error();
+            return 0;
+        }
+
         if (block_type == 0b00) {
             m_input_stream.align_to_byte_boundary();
 
             LittleEndian<u16> length, negated_length;
             m_input_stream >> length >> negated_length;
 
+            if (m_input_stream.has_any_error()) {
+                set_fatal_error();
+                return 0;
+            }
+
             if ((length ^ 0xffff) != negated_length) {
                 set_fatal_error();
                 return 0;
@@ -247,6 +257,11 @@ size_t DeflateDecompressor::read(Bytes bytes)
             Optional<CanonicalCode> distance_codes;
             decode_codes(literal_codes, distance_codes);
 
+            if (m_input_stream.has_any_error()) {
+                set_fatal_error();
+                return 0;
+            }
+
             m_state = State::ReadingCompressedBlock;
             new (&m_compressed_block) CompressedBlock(*this, literal_codes, distance_codes);
 
@@ -264,6 +279,11 @@ size_t DeflateDecompressor::read(Bytes bytes)
             nread += m_output_stream.read(bytes.slice(nread));
         }
 
+        if (m_input_stream.has_any_error()) {
+            set_fatal_error();
+            return 0;
+        }
+
         if (nread == bytes.size())
             return nread;
 
@@ -280,6 +300,11 @@ size_t DeflateDecompressor::read(Bytes bytes)
             nread += m_output_stream.read(bytes.slice(nread));
         }
 
+        if (m_input_stream.has_any_error()) {
+            set_fatal_error();
+            return 0;
+        }
+
         if (nread == bytes.size())
             return nread;
author	Idan Horowitz <idan.horowitz@gmail.com>	2021-03-16 18:28:01 +0200
committer	Andreas Kling <kling@serenityos.org>	2021-03-16 21:57:44 +0100
commit	be5a8d9c7fa800b4f53d5a2bf0a871f0af42f35f (patch)
tree	57026bf6e1d560929d0235a1c23ce0591a90e33b /Userland/Libraries/LibCompress/Deflate.cpp
parent	46c7f52896e41ee2743f2434155477852ceff8c6 (diff)
download	serenity-be5a8d9c7fa800b4f53d5a2bf0a871f0af42f35f.zip