From 3071c3e3034e7b506a0bb311b907b9eb02d56910 Mon Sep 17 00:00:00 2001
From: Yann Collet <cyan@fb.com>
Date: Tue, 23 Aug 2016 01:34:34 +0200
Subject: [PATCH] STREAM_WINDOW_MAX : protect streaming from unreasonable
 memory requirements

---
 lib/decompress/zstd_decompress.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/decompress/zstd_decompress.c b/lib/decompress/zstd_decompress.c
index 5cd9deb50..524c2f56e 100644
--- a/lib/decompress/zstd_decompress.c
+++ b/lib/decompress/zstd_decompress.c
@@ -50,6 +50,16 @@
 #endif
 
 
+/*!
+*  STREAM_WINDOW_MAX :
+*  maximum window size accepted by DStream.
+*  frames requiring more memory will be rejected.
+*/
+#ifndef ZSTD_STREAM_WINDOW_MAX
+#  define ZSTD_STREAM_WINDOW_MAX (257 << 20)   /* 257 MB */
+#endif
+
+
 /*-*******************************************************
 *  Dependencies
 *********************************************************/
@@ -1445,6 +1455,7 @@ size_t ZSTD_decompressStream(ZSTD_DStream* zds, ZSTD_outBuffer* output, ZSTD_inB
             /* Frame header instruct buffer sizes */
             {   size_t const blockSize = MIN(zds->fParams.windowSize, ZSTD_BLOCKSIZE_ABSOLUTEMAX);
                 size_t const neededOutSize = zds->fParams.windowSize + blockSize;
+                if (zds->fParams.windowSize > ZSTD_STREAM_WINDOW_MAX) return ERROR(frameParameter_unsupported);
                 zds->blockSize = blockSize;
                 if (zds->inBuffSize < blockSize) {
                     zds->customMem.customFree(zds->customMem.opaque, zds->inBuff);