twix/raylib
1
0
Fork 0
mirror of https://github.com/raysan5/raylib.git synced 2025-12-25 10:22:33 -05:00
Code Issues Packages Projects Releases Wiki Activity

REVIEWED: DecompressData(), fixed buffer copying

Browse Source
This commit is contained in:
Ray
2025-09-04 10:44:20 +02:00
parent f9e6c85cce
commit ba046a5d60
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/rcore.c
View File

@ -2563,19 +2563,19 @@ unsigned char *DecompressData(const unsigned char *compData, int compDataSize, i
#if defined(SUPPORT_COMPRESSION_API) #if defined(SUPPORT_COMPRESSION_API)
// Decompress data from a valid DEFLATE stream // Decompress data from a valid DEFLATE stream
unsigned char *data0 = (unsigned char *)RL_CALLOC(MAX_DECOMPRESSION_SIZE*1024*1024, 1); unsigned char *data0 = (unsigned char *)RL_CALLOC(MAX_DECOMPRESSION_SIZE*1024*1024, 1);
int length = sinflate(data, MAX_DECOMPRESSION_SIZE*1024*1024, compData, compDataSize); int size = sinflate(data0, MAX_DECOMPRESSION_SIZE*1024*1024, compData, compDataSize);
// WARNING: RL_REALLOC can make (and leave) data copies in memory, // WARNING: RL_REALLOC can make (and leave) data copies in memory,
// that can be a security concern in case of compression of sensitive data // that can be a security concern in case of compression of sensitive data
// So, we use a second buffer to copy data manually, wiping original buffer memory // So, we use a second buffer to copy data manually, wiping original buffer memory
data = (unsigned char *)RL_CALLOC(length, 1); data = (unsigned char *)RL_CALLOC(size, 1);
memcpy(data, data0, length); memcpy(data, data0, size);
memset(data0, 0, MAX_DECOMPRESSION_SIZE*1024*1024); // Wipe memory, is memset() safe? memset(data0, 0, MAX_DECOMPRESSION_SIZE*1024*1024); // Wipe memory, is memset() safe?
RL_FREE(data0); RL_FREE(data0);
TRACELOG(LOG_INFO, "SYSTEM: Decompress data: Comp. size: %i -> Original size: %i", compDataSize, length); TRACELOG(LOG_INFO, "SYSTEM: Decompress data: Comp. size: %i -> Original size: %i", compDataSize, size);
*dataSize = length; *dataSize = size;
#endif #endif
return data; return data;