From 0913587679ed78029440d813bfa7170439ede2dd Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers3@gmail.com>
Date: Mon, 18 Aug 2014 22:45:47 -0500
Subject: [PATCH] wimlib_decompress(): Check uncompressed_size

---
 src/decompress.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/decompress.c b/src/decompress.c
index 3e110e84..9287ca09 100644
--- a/src/decompress.c
+++ b/src/decompress.c
@@ -34,6 +34,7 @@
 
 struct wimlib_decompressor {
 	const struct decompressor_ops *ops;
+	size_t max_block_size;
 	void *private;
 };
 
@@ -68,6 +69,7 @@ wimlib_create_decompressor(enum wimlib_compression_type ctype,
 	if (dec == NULL)
 		return WIMLIB_ERR_NOMEM;
 	dec->ops = decompressor_ops[ctype];
+	dec->max_block_size = max_block_size;
 	dec->private = NULL;
 	if (dec->ops->create_decompressor) {
 		int ret;
@@ -88,6 +90,9 @@ wimlib_decompress(const void *compressed_data, size_t compressed_size,
 		  void *uncompressed_data, size_t uncompressed_size,
 		  struct wimlib_decompressor *dec)
 {
+	if (unlikely(uncompressed_size > dec->max_block_size))
+		return -2;
+
 	return dec->ops->decompress(compressed_data, compressed_size,
 				    uncompressed_data, uncompressed_size,
 				    dec->private);
-- 
2.46.1