[PATCH v2 0/2] erofs-utils: lib: fix ZSTD decompression safety issues
Utkal Singh
singhutkal015 at gmail.com
Tue Mar 17 15:55:35 AEDT 2026

Changes since v1:
 - Added reproducer per maintainer request

This series fixes two issues in z_erofs_decompress_zstd() that can
be triggered by crafted EROFS filesystem images.

Patch 1/2 validates ZSTD frame content size against decodedlength.
Patch 2/2 fixes a missing error return on decompression length mismatch.

Utkal Singh (2):
  erofs-utils: lib: validate ZSTD frame content size in decompression
  erofs-utils: lib: return error on ZSTD decompression length mismatch

 lib/decompress.c | 8 ++++++++
 1 file changed, 8 insertions(+)

--
2.43.0
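
The kind of check patch 1/2 describes, as an added example that is not code from this series or from erofs-utils: it reads Frame_Content_Size from a Zstandard frame header by hand (layout per RFC 8878) and refuses a frame that declares more output than the caller expects. The function names, the sample header and the "larger than decodedlength" policy are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define FCS_UNKNOWN UINT64_MAX	/* header carries no Frame_Content_Size */

/* Read n (1..8) little-endian bytes. */
static uint64_t le_read(const uint8_t *p, unsigned n)
{
	uint64_t v = 0;
	while (n--)
		v = (v << 8) | p[n];
	return v;
}

/* Parse a Zstandard frame header (RFC 8878, 3.1.1.1); -EINVAL if malformed. */
static int zstd_declared_size(const uint8_t *src, size_t len, uint64_t *fcs)
{
	static const unsigned did_bytes[4] = { 0, 1, 2, 4 };
	static const unsigned fcs_bytes[4] = { 0, 2, 4, 8 };
	unsigned fhd, single, n;
	size_t off;

	if (len < 5 || le_read(src, 4) != 0xFD2FB528u)
		return -EINVAL;
	fhd = src[4];
	single = (fhd >> 5) & 1;		/* Single_Segment_Flag */
	n = fcs_bytes[fhd >> 6];		/* Frame_Content_Size_Flag */
	if (!n && single)
		n = 1;				/* 1-byte field in this case */
	off = 5 + !single + did_bytes[fhd & 3];	/* skip window descriptor, dict ID */
	if (len < off + n)
		return -EINVAL;			/* header truncated */
	*fcs = n ? le_read(src + off, n) + (n == 2 ? 256 : 0) : FCS_UNKNOWN;
	return 0;
}

/* Hypothetical pre-check: refuse a frame declaring more output than expected. */
int check_frame_fits(const uint8_t *src, size_t len, uint64_t decodedlength)
{
	uint64_t fcs;

	if (zstd_declared_size(src, len, &fcs))
		return -EINVAL;
	return (fcs != FCS_UNKNOWN && fcs > decodedlength) ? -EIO : 0;
}

/* Constructed header: magic, FHD=0x40, window descriptor, FCS field 44 (+256) */
const uint8_t sample_hdr[8] = { 0x28, 0xB5, 0x2F, 0xFD, 0x40, 0x00, 0x2C, 0x00 };
```

A frame without the field passes this pre-check, so the decompressor's return value still has to be compared with the expected length and a mismatch turned into an error, which is the case patch 2/2 names.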