From 194a81ff4f0304d928bbcfd57ff3e961e12ac8d4 Mon Sep 17 00:00:00 2001
From: Tamara Braun <tamara@daten.io>
Date: Wed, 30 Jun 2021 18:47:07 +0200
Subject: [PATCH] Fix Buffer Overflow During Lz4FrameEncoder Close (#11429)

Motivation:

We failed to account for the last header when estimating the buffer
size. If the data does not compress enough to make space for the
last header we would exceed the ByteBuf's capacity.

Modifications:

Call #ensureWritable with appropriate capacity for footer ByteBuf
befor writing footer.

Result:

If there is not enough space left in the buffer, the buffer will be
expanded.
---
 .../java/io/netty/handler/codec/compression/Lz4FrameEncoder.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/codec/src/main/java/io/netty/handler/codec/compression/Lz4FrameEncoder.java b/codec/src/main/java/io/netty/handler/codec/compression/Lz4FrameEncoder.java
index 1a9cd8bbd9..d4ea1296a8 100644
--- a/codec/src/main/java/io/netty/handler/codec/compression/Lz4FrameEncoder.java
+++ b/codec/src/main/java/io/netty/handler/codec/compression/Lz4FrameEncoder.java
@@ -315,6 +315,7 @@ public class Lz4FrameEncoder extends MessageToByteEncoder<ByteBuf> {
                 compressor.maxCompressedLength(buffer.readableBytes()) + HEADER_LENGTH);
         flushBufferedData(footer);
 
+        footer.ensureWritable(HEADER_LENGTH);
         final int idx = footer.writerIndex();
         footer.setLong(idx, MAGIC_NUMBER);
         footer.setByte(idx + TOKEN_OFFSET, (byte) (BLOCK_TYPE_NON_COMPRESSED | compressionLevel));