From a07ddb47f7d43529dde4922786516f7ec14754cb Mon Sep 17 00:00:00 2001 From: Nick Terrell Date: Mon, 27 Sep 2021 13:56:07 -0700 Subject: [PATCH] [huf] Fix OSS-Fuzz assert PR #2784 introduced a bug in the decompressor that caused some valid inputs to fail to decompress. The bitstream isn't reloaded after the 4X* loop if the number of elements remaining is small enough, causing us to read more bits than are available in the bitcontainer. This was caught by the MSAN fuzzer in OSS-Fuzz because the assembly implementation isn't used in the MSAN build. Credit to OSS-Fuzz. --- lib/decompress/huf_decompress.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/decompress/huf_decompress.c b/lib/decompress/huf_decompress.c index 128b0801..7529034e 100644 --- a/lib/decompress/huf_decompress.c +++ b/lib/decompress/huf_decompress.c @@ -531,6 +531,8 @@ HUF_decodeStreamX1(BYTE* p, BIT_DStream_t* const bitDPtr, BYTE* const pEnd, cons HUF_DECODE_SYMBOLX1_2(p, bitDPtr); HUF_DECODE_SYMBOLX1_0(p, bitDPtr); } + } else { + BIT_reloadDStream(bitDPtr); } /* [0-3] symbols remaining */ @@ -1218,6 +1220,8 @@ HUF_decodeStreamX2(BYTE* p, BIT_DStream_t* bitDPtr, BYTE* const pEnd, HUF_DECODE_SYMBOLX2_0(p, bitDPtr); } } + } else { + BIT_reloadDStream(bitDPtr); } /* closer to end : up to 2 symbols at a time */
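Review bot: in the HUF_decodeStreamX1 hunk the new `else { BIT_reloadDStream(bitDPtr); }` discards the reload status, so a `BIT_DStream_overflow` result is silently dropped immediately before the `/* [0-3] symbols remaining */` tail starts consuming bits. If that is safe because the tail reads at most 3 symbols and the stream's end-of-stream check catches overflow afterwards, say so in a one-line comment next to the call (e.g. `/* loop above did not run, so the container was not refilled; reload for the tail */`) and write it as `(void)BIT_reloadDStream(bitDPtr);` so the discard reads as deliberate rather than as an oversight that a later cleanup removes as dead code. The commit message notes the assembly decoder hides this path in normal builds, so the OSS-Fuzz reproducer should land as a regression input that is exercised with the assembly implementation disabled, not only in the MSAN configuration where it was found.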
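Review bot: the HUF_decodeStreamX2 hunk adds the same unchecked `BIT_reloadDStream(bitDPtr)`, but the code that follows it (`/* closer to end : up to 2 symbols at a time */`) is a different tail from the X1 `[0-3] symbols remaining` one, and the visible context does not show whether that 2-symbol stage reloads on its own. Either confirm that the stage reads without reloading and therefore needs this refill, or note in a comment why an extra reload is harmless when the stage refills anyway; as written the call has no visible reason in the X2 path and no consumer of its result. Since the else branch is now duplicated verbatim in both decoders, a shared comment (or a small static helper that reloads and documents the intent) would keep the two fixes from drifting apart.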