Avoid uncompressing if uncompressed size is too big.

The uncompressed size might be unreasonable in case the data we
uncompress with GzipUncompress does not have the right format or is
corrupted which will lead to resize to attempt to throw an exception.

The two possible exceptions from resize() are length_error and
bad_alloc. In case the exception attempted is length_error (which I
assumed based on that the error reported is Xlength_error) checking
for std::string::max_size() would avoid such a crash.

Bug: 911865
Change-Id: Ida8f845c1334ef0097765d168c19034c6ca00cc0
Reviewed-on: https://chromium-review.googlesource.com/c/1380035
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Commit-Queue: Monica Salama <msalama@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#618224}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 322bc779d3bf6945bf646caa437b90fc59e8ff8c

1 files changed, 3 insertions, 0 deletions

diff --git a/google/compression_utils.cc b/google/compression_utils.cc
index 53b280a..9aa4f70 100644
--- a/google/compression_utils.cc
+++ b/google/compression_utils.cc
@@ -160,6 +160,9 @@ bool GzipCompress(base::StringPiece input, std::string* output) {
 bool GzipUncompress(const std::string& input, std::string* output) {
   std::string uncompressed_output;
   uLongf uncompressed_size = static_cast<uLongf>(GetUncompressedSize(input));
+  if (uncompressed_size > uncompressed_output.max_size())
+    return false;
+
   uncompressed_output.resize(uncompressed_size);
   if (GzipUncompressHelper(bit_cast<Bytef*>(uncompressed_output.data()),
                            &uncompressed_size,