lib/gis: Fix possible null pointer arithmetic scenario in lz4 module

`LZ4_decompress_generic` function has an argument called `dictStart`, whose usage was only triggered when it was set to use external dict. This function was called with this argument as NULL, but without checking whether it's NULL, we were doing some arithmetic on this argument in the function and assigning it to another variable. Similarly, in another instance, we were doing arithmetic on this variable without checking if it's NULL which could possibly lead to null pointer arithmetic in specific scnearios, which is undefined behavior. This patch adds a simple fix to check if the pointer is NULL or not, before doing any arithmetic on it. This was found using cppcheck static analysis tool. Signed-off-by: Mohan Yelugoti <[email protected]>
OSGeo · Nov 7, 2024 · fa3202e · fa3202e
1 parent 69b20cf
commit fa3202e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/lib/gis/lz4.c b/lib/gis/lz4.c
@@ -1846,7 +1846,8 @@ LZ4_FORCE_O2_GCC_PPC64LE LZ4_FORCE_INLINE int LZ4_decompress_generic(
     BYTE *cpy;
     BYTE *oexit = op + targetOutputSize;
 
-    const BYTE *const dictEnd = (const BYTE *)dictStart + dictSize;
+    const BYTE *const dictEnd =
+        dictStart ? ((const BYTE *)dictStart + dictSize) : NULL;
     const unsigned inc32table[8] = {0, 1, 2, 1, 0, 4, 4, 4};
     const int dec64table[8] = {0, 0, 0, -1, -4, 1, 2, 3};
 
@@ -2006,7 +2007,7 @@ LZ4_FORCE_O2_GCC_PPC64LE LZ4_FORCE_INLINE int LZ4_decompress_generic(
         length += MINMATCH;
 
         /* check external dictionary */
-        if ((dict == usingExtDict) && (match < lowPrefix)) {
+        if ((dict == usingExtDict) && (match < lowPrefix) && dictEnd) {
             if (unlikely(op + length > oend - LASTLITERALS))
                 goto _output_error; /* doesn't respect parsing restriction */