MdeModulePkg: Fix BrotliCustomDecompressLib potential issue

- Fix BrotliCustomDecompressLib potential issue

Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Bell Song <binx.song@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Song, BinX 2017-04-07 14:52:15 +08:00 committed by Liming Gao
parent d3e0c996d5
commit 36a0d5cab8
2 changed files with 9 additions and 4 deletions


@ -126,6 +126,7 @@ BrotliDecompress (
BrotliState * BroState; BrotliState * BroState;
VOID * Temp; VOID * Temp;
TotalOut = 0;
AvailableOut = FILE_BUFFER_SIZE; AvailableOut = FILE_BUFFER_SIZE;
Result = BROTLI_RESULT_ERROR; Result = BROTLI_RESULT_ERROR;
BroState = BrotliCreateState(BrAlloc, BrFree, BuffInfo); BroState = BrotliCreateState(BrAlloc, BrFree, BuffInfo);


@ -802,6 +802,7 @@ static BROTLI_INLINE uint32_t ReadBlockLength(const HuffmanCode* table,
uint32_t code; uint32_t code;
uint32_t nbits; uint32_t nbits;
code = ReadSymbol(table, br); code = ReadSymbol(table, br);
if (code >= BROTLI_NUM_BLOCK_LEN_SYMBOLS) code = BROTLI_NUM_BLOCK_LEN_SYMBOLS - 1;
nbits = kBlockLengthPrefixCode[code].nbits; /* nbits == 2..24 */ nbits = kBlockLengthPrefixCode[code].nbits; /* nbits == 2..24 */
return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits); return kBlockLengthPrefixCode[code].offset + BrotliReadBits(br, nbits);
} }
@ -872,13 +873,13 @@ static BROTLI_NOINLINE void InverseMoveToFrontTransform(
for (i = 0; i < v_len; ++i) { for (i = 0; i < v_len; ++i) {
int index = v[i]; int index = v[i];
uint8_t value = mtf[index]; uint8_t value = mtf[index];
upper_bound |= v[i]; upper_bound |= (uint32_t)v[i];
v[i] = value; v[i] = value;
mtf[-1] = value; mtf[-1] = value;
do { while (index > 0) {
index--; index--;
mtf[index + 1] = mtf[index]; mtf[index + 1] = mtf[index];
} while (index >= 0); }
} }
/* Remember amount of elements to be reinitialized. */ /* Remember amount of elements to be reinitialized. */
state->mtf_upper_bound = upper_bound; state->mtf_upper_bound = upper_bound;
@ -1498,6 +1499,7 @@ static BROTLI_INLINE BROTLI_BOOL ReadCommandInternal(
return BROTLI_FALSE; return BROTLI_FALSE;
} }
} }
if (cmd_code >= BROTLI_NUM_COMMAND_SYMBOLS) cmd_code = BROTLI_NUM_COMMAND_SYMBOLS - 1;
v = kCmdLut[cmd_code]; v = kCmdLut[cmd_code];
s->distance_code = v.distance_code; s->distance_code = v.distance_code;
s->distance_context = v.context; s->distance_context = v.context;
@ -2209,7 +2211,9 @@ BrotliDecoderResult BrotliDecoderDecompressStream(
} }
s->max_distance = s->max_backward_distance; s->max_distance = s->max_backward_distance;
if (s->state == BROTLI_STATE_COMMAND_POST_WRITE_1) { if (s->state == BROTLI_STATE_COMMAND_POST_WRITE_1) {
memcpy(s->ringbuffer, s->ringbuffer_end, (size_t)s->pos); if (s->ringbuffer != 0) {
memcpy(s->ringbuffer, s->ringbuffer_end, (size_t)s->pos);
}
if (s->meta_block_remaining_len == 0) { if (s->meta_block_remaining_len == 0) {
/* Next metablock, if any */ /* Next metablock, if any */
s->state = BROTLI_STATE_METABLOCK_DONE; s->state = BROTLI_STATE_METABLOCK_DONE;
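Review bot: In the InverseMoveToFrontTransform hunk, the rewritten loop `while (index > 0) { index--; mtf[index + 1] = mtf[index]; }` stops one pass short of the old `do … while (index >= 0)`, so nothing writes `value` into `mtf[0]` any more. The old final pass (index == -1) copied `mtf[-1]` into `mtf[0]`; without it, for any `index > 0` the front slot keeps its previous content and `mtf[-1] = value;` becomes a dead store, so later symbols would be decoded against a wrong table. If the aim is to avoid the negative-index read, add `mtf[0] = value;` right after the loop and drop the `mtf[-1]` store if nothing else needs it. The function starts outside the hunk, so how `mtf` is set up is not visible here; decompressing known-good compressed data and comparing the output would confirm the behaviour.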