CVE-2014-4715 Analysis

Its a integer overflow vulnerability in LZ4 'lz4.c'. if we see the patch at https://code.google.com/p/lz4/source/diff?spec=svn119&r=119&format=side&path=/trunk/lz4.c they have added following conditions:

/* overflow detection */
	926	if ((sizeof(void)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; / quickfix issue 134 */
	927	if ((endOnInput) && (sizeof(void)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; / quickfix issue 134 */

//if ((sizeof(void)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; / overflow detection */
		967	if ((sizeof(void)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; / quickfix issue 134 */

as you may have figured out, we are adding some value to variable ip and then we are checking if some is less then the value of ip. this will be only true in case of integer overflow.simillar check is added for op variable. Thanks, Hardik

CVE-2014-4715 Analysis

Table of Contents

Related Posts