From 3afece1e1365196f976b56cb7a3d3fe707b9ec9c Mon Sep 17 00:00:00 2001
From: Tamara Braun <tamara@daten.io>
Date: Wed, 30 Jun 2021 18:47:07 +0200
Subject: [PATCH] Fix Buffer Overflow During Lz4FrameEncoder Close (#11429)

Motivation:

We failed to account for the last header when estimating the buffer
size. If the data does not compress enough to make space for the
last header we would exceed the ByteBuf's capacity.

Modifications:

Call #ensureWritable with appropriate capacity for footer ByteBuf
befor writing footer.

Result:

If there is not enough space left in the buffer, the buffer will be
expanded.
---
 .../java/io/netty/handler/codec/compression/Lz4FrameEncoder.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/codec/src/main/java/io/netty/handler/codec/compression/Lz4FrameEncoder.java b/codec/src/main/java/io/netty/handler/codec/compression/Lz4FrameEncoder.java
index 1b7e6ec3ce..dba38b3e1e 100644
--- a/codec/src/main/java/io/netty/handler/codec/compression/Lz4FrameEncoder.java
+++ b/codec/src/main/java/io/netty/handler/codec/compression/Lz4FrameEncoder.java
@@ -317,6 +317,7 @@ public class Lz4FrameEncoder extends MessageToByteEncoder<ByteBuf> {
                 compressor.maxCompressedLength(buffer.readableBytes()) + HEADER_LENGTH);
         flushBufferedData(footer);
 
+        footer.ensureWritable(HEADER_LENGTH);
         final int idx = footer.writerIndex();
         footer.setLong(idx, MAGIC_NUMBER);
         footer.setByte(idx + TOKEN_OFFSET, (byte) (BLOCK_TYPE_NON_COMPRESSED | compressionLevel));