From 5dc8dd1a55f92f3855aeac874b2a630f62f75727 Mon Sep 17 00:00:00 2001
From: 404Setup <153366651+404Setup@users.noreply.github.com>
Date: Mon, 4 May 2026 07:52:30 +0000
Subject: [PATCH] fix(security): add size validation before set_len in api.rs
---
 src/api.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/api.rs b/src/api.rs
index 7928ea1..2943ec8 100644
--- a/src/api.rs
+++ b/src/api.rs
@@ -85,6 +85,7 @@ impl Compressor {
 let (res, size) = f(&mut self.inner, data, out_uninit);
 match res {
 CompressResult::Success => {
+ assert!(size <= bound);
 unsafe {
 output.set_len(size);
 }
@@ -118,7 +119,10 @@ impl Compressor {
 let out_uninit = crate::common::slice_as_uninit_mut(output);
 let (res, size) = f(&mut self.inner, data, out_uninit);
 match res {
- CompressResult::Success => Ok(size),
+ CompressResult::Success => {
+ assert!(size <= output.len());
+ Ok(size)
+ }
 _ => Err(io::Error::other(error_msg)),
 }
 }
@@ -233,6 +237,7 @@ impl Decompressor {
 let (res, _, size) = f(&mut self.inner, data, out_uninit);
 if res == crate::decompress::DecompressResult::Success {
+ assert!(size <= expected_size);
 unsafe {
 output.set_len(size);
 }
@@ -268,6 +273,7 @@ impl Decompressor {
 let out_uninit = crate::common::slice_as_uninit_mut(output);
 let (res, _, size) = f(&mut self.inner, data, out_uninit);
 if res == crate::decompress::DecompressResult::Success {
+ assert!(size <= output.len());
 Ok(size)
 } else {
 Err(io::Error::new(
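Review bot: The new `assert!(size <= bound);` in the hunk at -85 compares against `bound`, which is defined outside the hunk, while the `set_len` call that follows has a contract stated in terms of `capacity()` and of the first `size` elements being initialised. Assuming `output` is a `Vec<u8>`, checking the vector itself with `assert!(size <= output.capacity(), "reported size exceeds reserved capacity");` keeps the guard tied to that invariant even if the reservation code above changes. The `unsafe` block also has no `// SAFETY:` comment; one stating that the length was just checked and that `f` is relied on to have initialised the first `size` bytes would record the part the assert cannot prove. The same applies to `assert!(size <= expected_size);` in the Decompressor hunk at -233. Both function bodies start and end outside the hunks.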
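Review bot: In the hunk at -118 the function already returns an `io::Result` (`_ => Err(io::Error::other(error_msg))`), yet the new `assert!(size <= output.len());` reports a bad size by panicking. No `unsafe` follows in this path, so the condition can go back to the caller on the existing error path: `if size > output.len() { return Err(io::Error::other("reported size exceeds output buffer")); }`. This matters most for the Decompressor hunk at -268, where `data` is presumably untrusted and a panic inside a library call can take down a service that does not catch unwinds. If the panic is intentional, a message on the assert and a one-line comment saying so would make that clear to callers.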