facebook/zstd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[ldm] Fix corner case where minMatch < 8

Browse Source 
There is a potential read buffer overflow when minMatch < 8.

fix-fuzz-failure
This commit is contained in:
Nick Terrell 2017-09-19 13:49:37 -07:00
parent 18442a31ff
commit 6c9ed76676
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/compress/zstd_ldm.c
View File

@ -295,7 +295,7 @@ size_t ZSTD_compressBlock_ldm_generic(ZSTD_CCtx* cctx,
const U32 lowestIndex = cctx->dictLimit; const U32 lowestIndex = cctx->dictLimit;
const BYTE* const lowest = base + lowestIndex; const BYTE* const lowest = base + lowestIndex;
const BYTE* const iend = istart + srcSize; const BYTE* const iend = istart + srcSize;
const BYTE* const ilimit = iend - ldmParams.minMatchLength; const BYTE* const ilimit = iend - MAX(ldmParams.minMatchLength, HASH_READ_SIZE);
const ZSTD_blockCompressor blockCompressor = const ZSTD_blockCompressor blockCompressor =
ZSTD_selectBlockCompressor(cctx->appliedParams.cParams.strategy, 0); ZSTD_selectBlockCompressor(cctx->appliedParams.cParams.strategy, 0);
@ -499,7 +499,7 @@ static size_t ZSTD_compressBlock_ldm_extDict_generic(
const BYTE* const lowPrefixPtr = base + dictLimit; const BYTE* const lowPrefixPtr = base + dictLimit;
const BYTE* const dictEnd = dictBase + dictLimit; const BYTE* const dictEnd = dictBase + dictLimit;
const BYTE* const iend = istart + srcSize; const BYTE* const iend = istart + srcSize;
const BYTE* const ilimit = iend - ldmParams.minMatchLength; const BYTE* const ilimit = iend - MAX(ldmParams.minMatchLength, HASH_READ_SIZE);
const ZSTD_blockCompressor blockCompressor = const ZSTD_blockCompressor blockCompressor =
ZSTD_selectBlockCompressor(ctx->appliedParams.cParams.strategy, 1); ZSTD_selectBlockCompressor(ctx->appliedParams.cParams.strategy, 1);