fix bound check for ZSTD_copySequencesToSeqStoreNoBlockDelim()
daniellerozenblit committed Jan 24, 2023
1 parent 0a91b31 commit 7d600c6
Showing 3 changed files with 36 additions and 3 deletions.
3 changes: 2 additions & 1 deletion lib/compress/zstd_compress.c
@@ -6327,7 +6327,6 @@ ZSTD_copySequencesToSeqStoreNoBlockDelim(ZSTD_CCtx* cctx, ZSTD_sequencePosition*
/* Move to the next sequence */
endPosInSequence -= currSeq.litLength + currSeq.matchLength;
startPosInSequence = 0;
idx++;
} else {
/* This is the final (partial) sequence we're adding from inSeqs, and endPosInSequence
does not reach the end of the match. So, we have to split the sequence */
@@ -6382,6 +6381,8 @@ ZSTD_copySequencesToSeqStoreNoBlockDelim(ZSTD_CCtx* cctx, ZSTD_sequencePosition*
"Not enough memory allocated. Try adjusting ZSTD_c_minMatch.");
ZSTD_storeSeq(&cctx->seqStore, litLength, ip, iend, offBase, matchLength);
ip += matchLength + litLength;
if (!finalMatchSplit)
idx++; /* Next Sequence */
}
DEBUGLOG(5, "Ending seq: idx: %u (of: %u ml: %u ll: %u)", idx, inSeqs[idx].offset, inSeqs[idx].matchLength, inSeqs[idx].litLength);
assert(idx == inSeqsSize || endPosInSequence <= inSeqs[idx].litLength + inSeqs[idx].matchLength);
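Review bot: The `DEBUGLOG` that follows the loop reads `inSeqs[idx].offset`, `.matchLength` and `.litLength` unconditionally, while the assert on the next line explicitly allows `idx == inSeqsSize`; in that state the log statement reads one element past the end of `inSeqs`. With `idx++` now executed after every fully stored sequence, that state is reached whenever the last sequence is consumed without a split, which appears to be the case the new single-sequence test in tests/zstreamtest.c exercises. The read presumably only happens in builds where level-5 debug logging is compiled in, but it is still worth wrapping the call as `if (idx < inSeqsSize) { DEBUGLOG(5, ...); }`. As a style point, the new `if (!finalMatchSplit)` would be safer with braces around `idx++;`. The function body begins and ends outside both hunks, so the loop condition is not visible here.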
2 changes: 0 additions & 2 deletions tests/fuzz/sequence_compression_api.c
@@ -41,8 +41,6 @@ static ZSTD_DDict* ddict = NULL;
#define ZSTD_FUZZ_MATCHLENGTH_MAXSIZE (1 << 18) /* Allow up to 256KB matches */
#define ZSTD_FUZZ_GENERATED_DICT_MAXSIZE (1 << ZSTD_WINDOWLOG_MAX_32) /* Allow up to 1 << ZSTD_WINDOWLOG_MAX_32 dictionary */
#define ZSTD_FUZZ_MAX_NBSEQ (1 << 17) /* Maximum of 128K sequences */
#define ZSTD_FUZZ_DICT_FILE "sequence_fuzz_dictionary"


/* Deterministic random number generator */
#define FUZZ_RDG_rotl32(x,r) ((x << r) | (x >> (32 - r)))
34 changes: 34 additions & 0 deletions tests/zstreamtest.c
@@ -2139,6 +2139,40 @@ static int basicUnitTests(U32 seed, double compressibility, int bigTests)

ZSTD_CCtx_reset(cctx, ZSTD_reset_session_and_parameters);


/* Test with no block delim */
{
size_t srcSize = 4;
void* const src = CNBuffer;
size_t dstSize = ZSTD_compressBound(srcSize);
void* const dst = compressedBuffer;
size_t const kNbSequences = 1;
ZSTD_Sequence* sequences = malloc(sizeof(ZSTD_Sequence) * kNbSequences);
void* const checkBuf = malloc(srcSize);

memset(src, 'x', srcSize);

sequences[0] = (ZSTD_Sequence) {1, 1, 3, 0};

/* Test with sequence validation */
CHECK_Z(ZSTD_CCtx_setParameter(cctx, ZSTD_c_minMatch, 3));
CHECK_Z(ZSTD_CCtx_setParameter(cctx, ZSTD_c_blockDelimiters, ZSTD_sf_noBlockDelimiters));
CHECK_Z(ZSTD_CCtx_setParameter(cctx, ZSTD_c_validateSequences, 1));

cSize = ZSTD_compressSequences(cctx, dst, dstSize,
sequences, kNbSequences,
src, srcSize);

CHECK(ZSTD_isError(cSize), "Should not throw an error");
CHECK_Z(ZSTD_decompress(checkBuf, srcSize, dst, cSize));
CHECK(memcmp(src, checkBuf, srcSize) != 0, "Corruption!");

free(sequences);
free(checkBuf);
}

ZSTD_CCtx_reset(cctx, ZSTD_reset_session_and_parameters);

{ /* Test case with two additional sequences */
size_t srcSize = 19;
void* const src = CNBuffer;
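Review bot: Both `malloc` results in the new "no block delim" test are used without a NULL check: `sequences[0] = ...` writes through `sequences`, and `checkBuf` is handed to `ZSTD_decompress` and `memcmp`. Adding `CHECK(sequences == NULL || checkBuf == NULL, "malloc failed");` right after the two allocations would turn an allocation failure into a reported test error instead of a crash. The return value of `ZSTD_decompress` is only passed to `CHECK_Z`, which presumably checks for an error code only, so the test would be tighter if it stored the result and compared it with `srcSize` before the `memcmp`; on a short output the compare would otherwise read uninitialised bytes of `checkBuf`. If `CHECK`/`CHECK_Z` leave the block on failure (their definitions are not visible here), `sequences` and `checkBuf` are not freed on that path. `basicUnitTests` starts and ends outside this hunk.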
