Reject zero offsets in a length/offset pair.
The spec at
https://github.com/google/snappy/blob/master/format_description.txt
says that, "Offsets of zero can be encoded, but are not legal".
diff --git a/decode.go b/decode.go
index 0ac8e4f..4ca5ee3 100644
--- a/decode.go
+++ b/decode.go
@@ -121,7 +121,7 @@
return nil, errUnsupportedCopy4Tag
}
- if offset > d || length > len(dst)-d {
+ if offset <= 0 || d < offset || length > len(dst)-d {
return nil, ErrCorrupt
}
for end := d + length; d != end; d++ {
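Review bot: The new `offset <= 0` guard carries no comment saying why it exists, so a later cleanup could fold it back into the old `offset > d` form and silently re-admit zero offsets. I would add above the `if`: `// The format spec says offsets of zero can be encoded but are not legal; reject them before the copy loop.` The loop body is outside this hunk, but if it copies from `dst[d-offset]`, a zero offset would make each byte copy from itself, and the output would then carry whatever `dst` already held, which matters when callers pass in a reused buffer. The offset is presumably assembled from unsigned bytes and can never be negative, so `<= 0` is effectively `== 0`; the comment could say that the wider comparison is deliberate.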
diff --git a/snappy_test.go b/snappy_test.go
index 4d77669..a6fbbf0 100644
--- a/snappy_test.go
+++ b/snappy_test.go
@@ -198,6 +198,11 @@
"abcdabcd",
nil,
}, {
+ `decodedLen=8; tagLiteral (4 bytes "abcd"); tagCopy1; length=4 offset=0; zero offset`,
+ "\x08" + "\x0cabcd" + "\x01\x00",
+ "",
+ ErrCorrupt,
+ }, {
`decodedLen=9; tagLiteral (4 bytes "abcd"); tagCopy1; length=4 offset=4; inconsistent dLen`,
"\x09" + "\x0cabcd" + "\x01\x04",
"",
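Review bot: The added table entry exercises a zero offset only through tagCopy1, so the 2-byte-offset encoding is not pinned by a test unless the table covers it elsewhere. Assuming the tagCopy2 branch reaches the same check in decode.go, a sibling entry would guard against the two branches diverging later. A constructed input for it is `"\x08" + "\x0cabcd" + "\x0e\x00\x00"` (tagCopy2, length=4, offset=0), expecting `""` and `ErrCorrupt`. The table entry that follows the new one continues past the end of this hunk.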