ext/bz2: bzcompress/bzdecompress check inputs lengths beforehand. #17887
Conversation
ext/bz2/bz2.c
Outdated
| @@ -450,6 +450,13 @@ PHP_FUNCTION(bzcompress) | |||
| RETURN_THROWS(); | |||
| } | |||
|
|
|||
| const unsigned int source_len_max = (unsigned int)((UINT_MAX - 600) / 1.01); | |||
|
|
|||
| if (source_len > source_len_max) { | |||
There was a problem hiding this comment.
Something's off, I removed this check and it compressed just fine.
Just because the max output length is expressed in terms of the input length (i.e. (source_len + (0.01 * source_len) + 600)) doesn't mean that's a limit.
I didn't check decompression but I suppose the same mistake happened there.
There was a problem hiding this comment.
I see, was trying to cater to the type (unsigned int).
There was a problem hiding this comment.
Hmmm, surprisingly indeed the theoretical bound would be what you checked on then. However, this is the worst-case and we certainly can make inputs that compress in less bytes. So a lot of inputs would be unrightfully blocked if you did this check.
What probably needs to happen is use of the lower level interfaces to not do compression/decompression in a one-shot manner.
https://sourceware.org/pub/bzip2/docs/v101/manual_3.html states:
Compression in this manner is a one-shot event, done with a single call to this function. The resulting compressed data is a complete bzip2 format data stream. There is no mechanism for making additional calls to provide extra input data. If you want that kind of mechanism, use the low-level interface.
This would allow going beyondunsigned int.
There was a problem hiding this comment.
oh I see, bzCompressInit -> bzCompress/BZ_RUN until we fill all or error -> bzCompressEnd. I ll see about this later :)
also removing useless casts for filter ZendMM parts.