--- Compress-LZF/LZF.xs 2006/07/07 15:47:10 1.20 +++ Compress-LZF/LZF.xs 2006/09/27 19:01:48 1.22 @@ -145,25 +145,25 @@ if (src[0]) { - if (!(src[0] & 0x80)) + if (!(src[0] & 0x80) && csize >= 1) { csize -= 1; usize = *src++ & 0xff; } - else if (!(src[0] & 0x20)) + else if (!(src[0] & 0x20) && csize >= 2) { csize -= 2; usize = *src++ & 0x1f; usize = (usize << 6) | (*src++ & 0x3f); } - else if (!(src[0] & 0x10)) + else if (!(src[0] & 0x10) && csize >= 3) { csize -= 3; usize = *src++ & 0x0f; usize = (usize << 6) | (*src++ & 0x3f); usize = (usize << 6) | (*src++ & 0x3f); } - else if (!(src[0] & 0x08)) + else if (!(src[0] & 0x08) && csize >= 4) { csize -= 4; usize = *src++ & 0x07; @@ -171,7 +171,7 @@ usize = (usize << 6) | (*src++ & 0x3f); usize = (usize << 6) | (*src++ & 0x3f); } - else if (!(src[0] & 0x04)) + else if (!(src[0] & 0x04) && csize >= 5) { csize -= 5; usize = *src++ & 0x03; @@ -180,7 +180,7 @@ usize = (usize << 6) | (*src++ & 0x3f); usize = (usize << 6) | (*src++ & 0x3f); } - else if (!(src[0] & 0x02)) + else if (!(src[0] & 0x02) && csize >= 6) { csize -= 6; usize = *src++ & 0x01; @@ -192,18 +192,24 @@ } else croak ("compressed data corrupted (invalid length)"); + + if (!usize) + croak ("compressed data corrupted (invalid length)"); ret = NEWSV (0, usize); SvPOK_only (ret); dst = SvPVX (ret); if (lzf_decompress (src, csize, dst, usize) != usize) - croak ("compressed data corrupted (size mismatch)", csize, skip, usize); + { + SvREFCNT_dec (ret); + croak ("compressed data corrupted (size mismatch)", csize, skip, usize); + } } else { usize = csize - 1; - ret = NEWSV (0, usize); + ret = NEWSV (0, usize | 1); SvPOK_only (ret); Move ((void *)(src + 1), (void *)SvPVX (ret), usize, unsigned char);
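Review bot: The new `csize >= N` tests are folded into the tag-bit conditions in this hunk and the two that follow (@@ -171 and @@ -180), so a truncated header is rejected only by falling through every remaining `else if` to the final croak. That works because N grows with each branch, but nothing says so; a comment above the chain such as `/* a buffer too short for its tag also fails every later csize test and ends in the croak below */` would keep a later edit from breaking it. The continuation bytes are masked with `0x3f` without their top two bits being checked, which is worth stating in the same comment if it is intentional. The `if (src[0])` at the top reads the first byte before any length test, and whether csize is known to be non-zero at that point is decided outside the hunk.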
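Review bot: In the uncompressed branch of the last hunk (@@ -192), `usize = csize - 1` still goes out of range if csize is 0 on entry, because the new `usize | 1` only covers the csize == 1 case, and the following `Move` would then copy with that count. Whether csize can be 0 here depends on code above the hunk (presumably a string's terminating NUL would satisfy `!src[0]`), so a local guard such as `if (csize < 1) croak ("compressed data corrupted (invalid length)");` before the subtraction would make the branch safe on its own. In the compressed branch the header-declared usize reaches `NEWSV` with only the new zero check in front of it, so a six-byte header can request a very large allocation before `lzf_decompress` rejects the data; an upper limit on usize would bound that. The size-mismatch `croak` still passes `csize, skip, usize` to a format string with no conversions, so those arguments should be dropped or the message given matching specifiers.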