Integer overflow error for destsize argument to blosc_compress_ctx

[nhz2]

Here is a MWE:

#include <stdio.h>
#include <stdint.h>
#include <blosc.h>

#define SRC_SIZE 1024
#define DST_SIZE 4294967296ULL

int main(){
  
  /* Allocate Input and output data byte buffers*/
  uint8_t *src = malloc(SRC_SIZE);
  uint8_t *dst = malloc(DST_SIZE);
  /* Check if the allocation was successful*/
  if(src == NULL || dst == NULL){
    printf("Memory allocation failed\n");
    return 1;
  }

  /* Fill the input data buffer  with random bytes*/
  srand(1234);
  for(int i=0;i<SRC_SIZE;i++){
    src[i] = (uint8_t)rand();
  }

  int csize = blosc_compress_ctx(5, 1, 1,
                            SRC_SIZE, src, dst, DST_SIZE,
                            "lz4", 0, 1);
  printf("Compression Returned: %d\n", csize);
  return 0;
}

Running this on a 64-bit system I get:

Compression Returned: 0

But compression should succeed.

The overflow is happening at:

c-blosc/blosc/blosc.c

Line 1080 in dcf6813

context->destsize = (int32_t)destsize;

There are some checks on destsize being too small, but from what I can tell, there are no checks on it being too large.

c-blosc/blosc/blosc.c

Lines 1096 to 1102 in dcf6813

	if (destsize < BLOSC_MAX_OVERHEAD) {
	if (warnlvl > 0) {
	fprintf(stderr, "Output buffer size should be larger than %d bytes\n",
	BLOSC_MAX_OVERHEAD);
	}
	return 0;
	}

One option to fix this would be to clamp destsize to be at most sourcesize + BLOSC_MAX_OVERHEAD, this would also fix #159