author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-11-14 09:51:07 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-11-14 09:51:07 +0100 |
commit | e78394c4b83c447e8489c665d525680fc4e3000a (patch) | |
tree | cb18bda30d8917c2a1ea360d29301a355d4c3006 /mfbt | |
parent | 6f67090876e7f7b3dd5b7fd20270796244f4006c (diff) | |
download | aura-central-e78394c4b83c447e8489c665d525680fc4e3000a.tar.gz |
Issue mcp-graveyard/UXP%1288 - Part 2: Add a partial LZ4 decompression routine.
This function never writes beyond `aDest` + `aMaxOutputSize`, and is
therefore protected against malicious data packets.
It also ignores unconsumed input upon reaching `aMaxOutputSize` and can
therefore be used for partial decompression of LZ4 input up to a desired
resulting size of decompressed data.
Diffstat (limited to 'mfbt')
-rw-r--r-- | mfbt/Compression.cpp | 21 | ||||
-rw-r--r-- | mfbt/Compression.h | 23 |
2 files changed, 44 insertions, 0 deletions
diff --git a/mfbt/Compression.cpp b/mfbt/Compression.cpp index 6be8020a9..5646b56b2 100644 --- a/mfbt/Compression.cpp +++ b/mfbt/Compression.cpp @@ -76,3 +76,24 @@ LZ4::decompress(const char* aSource, size_t aInputSize, char* aDest, return false; } +bool +LZ4::decompressPartial(const char* aSource, size_t aInputSize, char* aDest, + size_t aMaxOutputSize, size_t* aOutputSize) +{ + CheckedInt<int> maxOutputSizeChecked = aMaxOutputSize; + MOZ_ASSERT(maxOutputSizeChecked.isValid()); + CheckedInt<int> inputSizeChecked = aInputSize; + MOZ_ASSERT(inputSizeChecked.isValid()); + + int ret = LZ4_decompress_safe_partial(aSource, aDest, + inputSizeChecked.value(), + maxOutputSizeChecked.value(), + maxOutputSizeChecked.value()); + if (ret >= 0) { + *aOutputSize = ret; + return true; + } + + *aOutputSize = 0; + return false; +} diff --git a/mfbt/Compression.h b/mfbt/Compression.h index aa50211b3..eeb160c51 100644 --- a/mfbt/Compression.h +++ b/mfbt/Compression.h 
@@ -96,6 +96,29 @@ public: decompress(const char* aSource, size_t aInputSize, char* aDest, size_t aMaxOutputSize, size_t* aOutputSize); + /** + * If the source stream is malformed, the function will stop decoding + * and return false. + * + * This function never writes beyond aDest + aMaxOutputSize, and is + * therefore protected against malicious data packets. It also ignores + * unconsumed input upon reaching aMaxOutputSize and can therefore be used + * for partial decompression. + * + * Note: Destination buffer must be already allocated. This version is + * slightly slower than the decompress without the aMaxOutputSize. + * + * @param aInputSize is the length of the input compressed data + * @param aMaxOutputSize is the size of the destination buffer (which must be + * already allocated) + * @param aOutputSize the actual number of bytes decoded in the destination + * buffer (necessarily <= aMaxOutputSize) + * @return true on success, false on failure + */ + static MFBT_API MOZ_MUST_USE bool + decompressPartial(const char* aSource, size_t aInputSize, char* aDest, + size_t aMaxOutputSize, size_t* aOutputSize); + /* * Provides the maximum size that LZ4 may output in a "worst case" * scenario (input data not compressible) primarily useful for memory |
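Review bot: In LZ4::decompressPartial (mfbt/Compression.cpp) both range checks are MOZ_ASSERT only, which compiles out of non-debug builds, so an aInputSize or aMaxOutputSize that does not fit in an int still reaches LZ4_decompress_safe_partial through .value() on an invalid CheckedInt<int>. The "never writes beyond aDest + aMaxOutputSize" guarantee then depends on whatever int that conversion yields. Suggest failing closed before the call: if either CheckedInt is not isValid(), set *aOutputSize = 0 and return false, or use a release-mode assertion. aOutputSize is also dereferenced on both paths without a check; assert it is non-null or document that requirement.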
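Review bot: The doc comment for decompressPartial (mfbt/Compression.h) does not say that a true return can mean decoding stopped at aMaxOutputSize with input left unconsumed, so a caller cannot tell a complete decode from a truncated one by the return value alone. State that explicitly, and note that *aOutputSize equal to aMaxOutputSize means the output may have been cut short. The comment also has no @param entries for aSource and aDest, and does not mention that aInputSize and aMaxOutputSize must fit in an int, which the implementation only asserts.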