Fix Brotli compressor buffer bounds check by trufae · Pull Request #10 · trufae/otezip

trufae · 2026-03-06T12:20:03Z

The Brotli shim wrote a 5-byte magic, an 8-byte length and a 4-byte CRC before the payload but only validated output_len < input_len + 8, which allowed out-of-bounds writes for slightly undersized output buffers.

Introduce a fixed header_size = 5 + 8 + 4 and validate capacity with if (output_len < header_size || input_len > output_len - header_size) in simple_compress to prevent overflow when writing the header and payload.
Update simple_decompress minimum-input checks and payload offsets to use the same fixed-width header layout (5 + 8 + 4) so framing logic is consistent.
Changes are confined to src/lib/brotli.inc.c and preserve the existing framing format and behavior for correctly-sized buffers.

Ran make -j4 which built the main binary and library successfully.
Ran make -C test/unit and unit binaries were built successfully; unit targets completed without errors.
Ran make -C test which stopped during integration due to missing external tools (xxd, file, 7z) in the environment, so integration script checks could not complete here.

Fix Brotli output buffer size validation

d6b0443

trufae added codex aardvark labels Mar 6, 2026 — with ChatGPT Codex Connector

trufae merged commit f67eafb into main Mar 6, 2026
8 checks passed

Provide feedback