From c76e90909a4796c16d35b1ff723813c61772447b Mon Sep 17 00:00:00 2001
From: aimuz
Date: Mon, 6 Nov 2023 16:19:35 +0800
Subject: [PATCH] internal/zstd: fix regeneratedSize too small to cause panic

Fixes: #63824
---
 src/internal/zstd/fuzz_test.go | 1 +
 src/internal/zstd/literals.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/src/internal/zstd/fuzz_test.go b/src/internal/zstd/fuzz_test.go
index bb6f0a9721f803..b4d99d031567c1 100644
--- a/src/internal/zstd/fuzz_test.go
+++ b/src/internal/zstd/fuzz_test.go
@@ -22,6 +22,7 @@ var badStrings = []string{
 "(\xb5/\xfd\x1002000$\x05\x0010\xcc0\xa8100000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
 "(\xb5/\xfd\x1002000$\x05\x0000\xcc0\xa8100d\x0000001000000000000000000000000000000000000000000000000000000000000000000000000\x000000000000000000000000000000000000000000000000000000000000000000000000000000",
 "(\xb5/\xfd001\x00\x0000000000000000000",
+ "(\xb5/\xfd00\xec\x00\x00&@\x05\x05A7002\x02\x00\x02\x00\x02\x0000000000000000",
 }
 
 // This is a simple fuzzer to see if the decompressor panics.
diff --git a/src/internal/zstd/literals.go b/src/internal/zstd/literals.go
index b46d668f262e0e..4c258d59f6bdfe 100644
--- a/src/internal/zstd/literals.go
+++ b/src/internal/zstd/literals.go
@@ -214,6 +214,9 @@ func (r *Reader) readLiteralsFourStreams(data block, off, totalStreamsSize, rege
 if totalStreamsSize < 6 {
 return nil, r.makeError(off, "total streams size too small for jump table")
 }
+ if regeneratedSize < 4 {
+ return nil, r.makeError(off, "regenerated size too small for jump table")
+ }
 streamSize1 := binary.LittleEndian.Uint16(data[off:])
 streamSize2 := binary.LittleEndian.Uint16(data[off+2:])
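Review bot: The new guard `if regeneratedSize < 4` in readLiteralsFourStreams gives no reason for the constant 4, and a reader cannot derive it from the hunk because the per-stream size arithmetic it protects is further down in the function, which continues past the end of the hunk. A one-line why-comment above the check would make the bound reviewable, for example `// Four streams need at least four regenerated bytes; smaller values break the stream-size arithmetic below (issue #63824).` — confirm the exact threshold against the spec's jump-table rule before stating it as fact. The string added to badStrings in fuzz_test.go covers the one crashing input, but a direct test feeding regeneratedSize values of 3 and 4 would pin the boundary itself rather than a single sample.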