-
Notifications
You must be signed in to change notification settings - Fork 320
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zstd: Fix back-referenced offset #793
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Since we expand backwards early, we may be in a situation where best.s+2 has already been indexed. This will result in picking up a 0 or negative offset, which leads to corrupted data. Skip this check if best.s is less than or equal to s-2. Regression from #784 (not released)
Caught 15 minutes after this PR was opened on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57460 |
kodiakhq bot
referenced
this pull request
in cloudquery/filetypes
May 1, 2023
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/klauspost/compress](https://togithub.com/klauspost/compress) | indirect | patch | `v1.16.3` -> `v1.16.5` | --- ### Release Notes <details> <summary>klauspost/compress</summary> ### [`v1.16.5`](https://togithub.com/klauspost/compress/releases/tag/v1.16.5) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.4...v1.16.5) #### What's Changed - zstd: readByte needs to use io.ReadFull by [@​jnoxon](https://togithub.com/jnoxon) in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802) - gzip: Fix WriterTo after initial read by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/804](https://togithub.com/klauspost/compress/pull/804) #### New Contributors - [@​jnoxon](https://togithub.com/jnoxon) made their first contribution in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802) **Full Changelog**: klauspost/compress@v1.16.4...v1.16.5 ### [`v1.16.4`](https://togithub.com/klauspost/compress/releases/tag/v1.16.4) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.3...v1.16.4) #### What's Changed - s2: Fix huge block overflow by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/779](https://togithub.com/klauspost/compress/pull/779) - s2: Allow CustomEncoder fallback by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/780](https://togithub.com/klauspost/compress/pull/780) - zstd: Fix amd64 not always detecting corrupt data by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/785](https://togithub.com/klauspost/compress/pull/785) - zstd: Improve zstd best efficiency by [@​klauspost](https://togithub.com/klauspost) and [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/784](https://togithub.com/klauspost/compress/pull/784) - zstd: Make load(32|64)32 safer and smaller by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/788](https://togithub.com/klauspost/compress/pull/788) - zstd: Fix quick reject on long backmatches by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/787](https://togithub.com/klauspost/compress/pull/787) - zstd: Revert table size change by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/789](https://togithub.com/klauspost/compress/pull/789) - zstd: Respect WithAllLitEntropyCompression by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/792](https://togithub.com/klauspost/compress/pull/792) - zstd: Fix back-referenced offset by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/793](https://togithub.com/klauspost/compress/pull/793) - zstd: Load source value at start of loop by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/794](https://togithub.com/klauspost/compress/pull/794) - zstd: Shorten checksum code by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/795](https://togithub.com/klauspost/compress/pull/795) - zstd: Fix fallback on incompressible block by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/798](https://togithub.com/klauspost/compress/pull/798) - gzhttp: Suppport ResponseWriter Unwrap() in gzhttp handler by [@​jgimenez](https://togithub.com/jgimenez) in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799) #### New Contributors - [@​jgimenez](https://togithub.com/jgimenez) made their first contribution in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799) **Full Changelog**: klauspost/compress@v1.16.3...v1.16.4 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS42Ni4zIiwidXBkYXRlZEluVmVyIjoiMzUuNjYuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
kodiakhq bot
referenced
this pull request
in cloudquery/plugin-sdk
Jul 1, 2023
) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/klauspost/compress](https://togithub.com/klauspost/compress) | indirect | patch | `v1.16.0` -> `v1.16.6` | --- ### Release Notes <details> <summary>klauspost/compress (github.com/klauspost/compress)</summary> ### [`v1.16.6`](https://togithub.com/klauspost/compress/releases/tag/v1.16.6) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.5...v1.16.6) #### What's Changed - zstd: correctly ignore WithEncoderPadding(1) by [@​ianlancetaylor](https://togithub.com/ianlancetaylor) in [https://github.com/klauspost/compress/pull/806](https://togithub.com/klauspost/compress/pull/806) - gzhttp: Handle informational headers by [@​rtribotte](https://togithub.com/rtribotte) in [https://github.com/klauspost/compress/pull/815](https://togithub.com/klauspost/compress/pull/815) - zstd: Add amd64 match length assembly by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/824](https://togithub.com/klauspost/compress/pull/824) - s2: Improve Better compression slightly by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/663](https://togithub.com/klauspost/compress/pull/663) - s2: Clean up matchlen assembly by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/825](https://togithub.com/klauspost/compress/pull/825) #### New Contributors - [@​rtribotte](https://togithub.com/rtribotte) made their first contribution in [https://github.com/klauspost/compress/pull/815](https://togithub.com/klauspost/compress/pull/815) - [@​dveeden](https://togithub.com/dveeden) made their first contribution in [https://github.com/klauspost/compress/pull/816](https://togithub.com/klauspost/compress/pull/816) **Full Changelog**: klauspost/compress@v1.16.5...v1.16.6 ### [`v1.16.5`](https://togithub.com/klauspost/compress/releases/tag/v1.16.5) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.4...v1.16.5) #### What's Changed - zstd: readByte needs to use io.ReadFull by [@​jnoxon](https://togithub.com/jnoxon) in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802) - gzip: Fix WriterTo after initial read by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/804](https://togithub.com/klauspost/compress/pull/804) #### New Contributors - [@​jnoxon](https://togithub.com/jnoxon) made their first contribution in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802) **Full Changelog**: klauspost/compress@v1.16.4...v1.16.5 ### [`v1.16.4`](https://togithub.com/klauspost/compress/releases/tag/v1.16.4) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.3...v1.16.4) #### What's Changed - s2: Fix huge block overflow by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/779](https://togithub.com/klauspost/compress/pull/779) - s2: Allow CustomEncoder fallback by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/780](https://togithub.com/klauspost/compress/pull/780) - zstd: Fix amd64 not always detecting corrupt data by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/785](https://togithub.com/klauspost/compress/pull/785) - zstd: Improve zstd best efficiency by [@​klauspost](https://togithub.com/klauspost) and [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/784](https://togithub.com/klauspost/compress/pull/784) - zstd: Make load(32|64)32 safer and smaller by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/788](https://togithub.com/klauspost/compress/pull/788) - zstd: Fix quick reject on long backmatches by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/787](https://togithub.com/klauspost/compress/pull/787) - zstd: Revert table size change by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/789](https://togithub.com/klauspost/compress/pull/789) - zstd: Respect WithAllLitEntropyCompression by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/792](https://togithub.com/klauspost/compress/pull/792) - zstd: Fix back-referenced offset by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/793](https://togithub.com/klauspost/compress/pull/793) - zstd: Load source value at start of loop by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/794](https://togithub.com/klauspost/compress/pull/794) - zstd: Shorten checksum code by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/795](https://togithub.com/klauspost/compress/pull/795) - zstd: Fix fallback on incompressible block by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/798](https://togithub.com/klauspost/compress/pull/798) - gzhttp: Suppport ResponseWriter Unwrap() in gzhttp handler by [@​jgimenez](https://togithub.com/jgimenez) in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799) #### New Contributors - [@​jgimenez](https://togithub.com/jgimenez) made their first contribution in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799) **Full Changelog**: klauspost/compress@v1.16.3...v1.16.4 ### [`v1.16.3`](https://togithub.com/klauspost/compress/releases/tag/v1.16.3) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.2...v1.16.3) **Full Changelog**: klauspost/compress@v1.16.2...v1.16.3 ### [`v1.16.2`](https://togithub.com/klauspost/compress/releases/tag/v1.16.2) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.1...v1.16.2) #### What's Changed - Fix Goreleaser permissions by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/777](https://togithub.com/klauspost/compress/pull/777) **Full Changelog**: klauspost/compress@v1.16.1...v1.16.2 ### [`v1.16.1`](https://togithub.com/klauspost/compress/releases/tag/v1.16.1) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.0...v1.16.1) #### What's Changed - zstd: Speed up + improve best encoder by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/776](https://togithub.com/klauspost/compress/pull/776) - s2: Add Intel LZ4s converter by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/766](https://togithub.com/klauspost/compress/pull/766) - gzhttp: Add BREACH mitigation by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/762](https://togithub.com/klauspost/compress/pull/762) - gzhttp: Remove a few unneeded allocs by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/768](https://togithub.com/klauspost/compress/pull/768) - gzhttp: Fix crypto/rand.Read usage by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/770](https://togithub.com/klauspost/compress/pull/770) - gzhttp: Use SHA256 as paranoid option by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/769](https://togithub.com/klauspost/compress/pull/769) - gzhttp: Use strings for randomJitter to skip a copy by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/767](https://togithub.com/klauspost/compress/pull/767) - zstd: Fix ineffective block size check by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/771](https://togithub.com/klauspost/compress/pull/771) - zstd: Check FSE init values by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/772](https://togithub.com/klauspost/compress/pull/772) - zstd: Report EOF from byteBuf.readBig by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/773](https://togithub.com/klauspost/compress/pull/773) - huff0: Speed up compress1xDo by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/774](https://togithub.com/klauspost/compress/pull/774) - tests: Remove fuzz printing by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/775](https://togithub.com/klauspost/compress/pull/775) - tests: Add CICD Fuzz testing by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/763](https://togithub.com/klauspost/compress/pull/763) - ci: set minimal permissions to GitHub Workflows by [@​diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/klauspost/compress/pull/765](https://togithub.com/klauspost/compress/pull/765) #### New Contributors - [@​diogoteles08](https://togithub.com/diogoteles08) made their first contribution in [https://github.com/klauspost/compress/pull/765](https://togithub.com/klauspost/compress/pull/765) **Full Changelog**: klauspost/compress@v1.16.0...v1.16.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNTEuMCIsInVwZGF0ZWRJblZlciI6IjM1LjE1MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
kodiakhq bot
referenced
this pull request
in cloudquery/plugin-pb-go
Aug 1, 2023
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/klauspost/compress](https://togithub.com/klauspost/compress) | indirect | minor | `v1.15.15` -> `v1.16.7` | --- ### Release Notes <details> <summary>klauspost/compress (github.com/klauspost/compress)</summary> ### [`v1.16.7`](https://togithub.com/klauspost/compress/releases/tag/v1.16.7) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.6...v1.16.7) #### What's Changed - zstd: Fix default level first dictionary encode by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/829](https://togithub.com/klauspost/compress/pull/829) - docs: Fix typo in security advisory URL by [@​vcabbage](https://togithub.com/vcabbage) in [https://github.com/klauspost/compress/pull/830](https://togithub.com/klauspost/compress/pull/830) - s2: add GetBufferCapacity() method by [@​GiedriusS](https://togithub.com/GiedriusS) in [https://github.com/klauspost/compress/pull/832](https://togithub.com/klauspost/compress/pull/832) #### New Contributors - [@​vcabbage](https://togithub.com/vcabbage) made their first contribution in [https://github.com/klauspost/compress/pull/830](https://togithub.com/klauspost/compress/pull/830) - [@​GiedriusS](https://togithub.com/GiedriusS) made their first contribution in [https://github.com/klauspost/compress/pull/832](https://togithub.com/klauspost/compress/pull/832) **Full Changelog**: klauspost/compress@v1.16.6...v1.16.7 ### [`v1.16.6`](https://togithub.com/klauspost/compress/releases/tag/v1.16.6) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.5...v1.16.6) #### What's Changed - zstd: correctly ignore WithEncoderPadding(1) by [@​ianlancetaylor](https://togithub.com/ianlancetaylor) in [https://github.com/klauspost/compress/pull/806](https://togithub.com/klauspost/compress/pull/806) - gzhttp: Handle informational headers by [@​rtribotte](https://togithub.com/rtribotte) in [https://github.com/klauspost/compress/pull/815](https://togithub.com/klauspost/compress/pull/815) - zstd: Add amd64 match length assembly by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/824](https://togithub.com/klauspost/compress/pull/824) - s2: Improve Better compression slightly by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/663](https://togithub.com/klauspost/compress/pull/663) - s2: Clean up matchlen assembly by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/825](https://togithub.com/klauspost/compress/pull/825) #### New Contributors - [@​rtribotte](https://togithub.com/rtribotte) made their first contribution in [https://github.com/klauspost/compress/pull/815](https://togithub.com/klauspost/compress/pull/815) - [@​dveeden](https://togithub.com/dveeden) made their first contribution in [https://github.com/klauspost/compress/pull/816](https://togithub.com/klauspost/compress/pull/816) **Full Changelog**: klauspost/compress@v1.16.5...v1.16.6 ### [`v1.16.5`](https://togithub.com/klauspost/compress/releases/tag/v1.16.5) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.4...v1.16.5) #### What's Changed - zstd: readByte needs to use io.ReadFull by [@​jnoxon](https://togithub.com/jnoxon) in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802) - gzip: Fix WriterTo after initial read by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/804](https://togithub.com/klauspost/compress/pull/804) #### New Contributors - [@​jnoxon](https://togithub.com/jnoxon) made their first contribution in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802) **Full Changelog**: klauspost/compress@v1.16.4...v1.16.5 ### [`v1.16.4`](https://togithub.com/klauspost/compress/releases/tag/v1.16.4) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.3...v1.16.4) #### What's Changed - s2: Fix huge block overflow by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/779](https://togithub.com/klauspost/compress/pull/779) - s2: Allow CustomEncoder fallback by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/780](https://togithub.com/klauspost/compress/pull/780) - zstd: Fix amd64 not always detecting corrupt data by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/785](https://togithub.com/klauspost/compress/pull/785) - zstd: Improve zstd best efficiency by [@​klauspost](https://togithub.com/klauspost) and [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/784](https://togithub.com/klauspost/compress/pull/784) - zstd: Make load(32|64)32 safer and smaller by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/788](https://togithub.com/klauspost/compress/pull/788) - zstd: Fix quick reject on long backmatches by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/787](https://togithub.com/klauspost/compress/pull/787) - zstd: Revert table size change by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/789](https://togithub.com/klauspost/compress/pull/789) - zstd: Respect WithAllLitEntropyCompression by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/792](https://togithub.com/klauspost/compress/pull/792) - zstd: Fix back-referenced offset by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/793](https://togithub.com/klauspost/compress/pull/793) - zstd: Load source value at start of loop by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/794](https://togithub.com/klauspost/compress/pull/794) - zstd: Shorten checksum code by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/795](https://togithub.com/klauspost/compress/pull/795) - zstd: Fix fallback on incompressible block by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/798](https://togithub.com/klauspost/compress/pull/798) - gzhttp: Suppport ResponseWriter Unwrap() in gzhttp handler by [@​jgimenez](https://togithub.com/jgimenez) in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799) #### New Contributors - [@​jgimenez](https://togithub.com/jgimenez) made their first contribution in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799) **Full Changelog**: klauspost/compress@v1.16.3...v1.16.4 ### [`v1.16.3`](https://togithub.com/klauspost/compress/releases/tag/v1.16.3) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.2...v1.16.3) **Full Changelog**: klauspost/compress@v1.16.2...v1.16.3 ### [`v1.16.2`](https://togithub.com/klauspost/compress/releases/tag/v1.16.2) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.1...v1.16.2) #### What's Changed - Fix Goreleaser permissions by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/777](https://togithub.com/klauspost/compress/pull/777) **Full Changelog**: klauspost/compress@v1.16.1...v1.16.2 ### [`v1.16.1`](https://togithub.com/klauspost/compress/releases/tag/v1.16.1) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.0...v1.16.1) #### What's Changed - zstd: Speed up + improve best encoder by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/776](https://togithub.com/klauspost/compress/pull/776) - s2: Add Intel LZ4s converter by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/766](https://togithub.com/klauspost/compress/pull/766) - gzhttp: Add BREACH mitigation by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/762](https://togithub.com/klauspost/compress/pull/762) - gzhttp: Remove a few unneeded allocs by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/768](https://togithub.com/klauspost/compress/pull/768) - gzhttp: Fix crypto/rand.Read usage by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/770](https://togithub.com/klauspost/compress/pull/770) - gzhttp: Use SHA256 as paranoid option by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/769](https://togithub.com/klauspost/compress/pull/769) - gzhttp: Use strings for randomJitter to skip a copy by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/767](https://togithub.com/klauspost/compress/pull/767) - zstd: Fix ineffective block size check by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/771](https://togithub.com/klauspost/compress/pull/771) - zstd: Check FSE init values by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/772](https://togithub.com/klauspost/compress/pull/772) - zstd: Report EOF from byteBuf.readBig by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/773](https://togithub.com/klauspost/compress/pull/773) - huff0: Speed up compress1xDo by [@​greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/774](https://togithub.com/klauspost/compress/pull/774) - tests: Remove fuzz printing by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/775](https://togithub.com/klauspost/compress/pull/775) - tests: Add CICD Fuzz testing by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/763](https://togithub.com/klauspost/compress/pull/763) - ci: set minimal permissions to GitHub Workflows by [@​diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/klauspost/compress/pull/765](https://togithub.com/klauspost/compress/pull/765) #### New Contributors - [@​diogoteles08](https://togithub.com/diogoteles08) made their first contribution in [https://github.com/klauspost/compress/pull/765](https://togithub.com/klauspost/compress/pull/765) **Full Changelog**: klauspost/compress@v1.16.0...v1.16.1 ### [`v1.16.0`](https://togithub.com/klauspost/compress/releases/tag/v1.16.0) [Compare Source](https://togithub.com/klauspost/compress/compare/v1.15.15...v1.16.0) #### What's Changed - s2: Add Dictionary support by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/685](https://togithub.com/klauspost/compress/pull/685) - s2: Add Compression Size Estimate by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/752](https://togithub.com/klauspost/compress/pull/752) - s2: Add support for custom stream encoder by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/755](https://togithub.com/klauspost/compress/pull/755) - s2: Add LZ4 block converter by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/748](https://togithub.com/klauspost/compress/pull/748) - s2: Support io.ReaderAt in ReadSeeker by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/747](https://togithub.com/klauspost/compress/pull/747) - s2c/s2sx: Use concurrent decoding by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/746](https://togithub.com/klauspost/compress/pull/746) - tests: Upgrade to Go 1.20 by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/749](https://togithub.com/klauspost/compress/pull/749) - Update all (command) dependencies by [@​klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/758](https://togithub.com/klauspost/compress/pull/758) **Full Changelog**: klauspost/compress@v1.15.15...v1.16.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzYuMjYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
klauspost
added a commit
that referenced
this pull request
Oct 22, 2023
Regression from #784 and followup #793 Fixes #875 A 0 offset backreference was possible when "improve" was successful twice in a row in the "skipBeginning" part, only finding 2 (previously unmatches) length 4 matches, but where start offset decreased by 2 in both cases. This would result in output where the end offset would equal to the next 's', thereby doing a self-reference. Add a general check in "improve" and just reject these. Will also guard against similar issues in the future. This also hints at some potentially suboptimal hash indexing - but I will take that improvement separately. Fuzz test set updated.
klauspost
added a commit
that referenced
this pull request
Oct 22, 2023
* zstd: Fix corrupted output in "best" Regression from #784 and followup #793 Fixes #875 A 0 offset backreference was possible when "improve" was successful twice in a row in the "skipBeginning" part, only finding 2 (previously unmatches) length 4 matches, but where start offset decreased by 2 in both cases. This would result in output where the end offset would equal to the next 's', thereby doing a self-reference. Add a general check in "improve" and just reject these. Will also guard against similar issues in the future. This also hints at some potentially suboptimal hash indexing - but I will take that improvement separately. Fuzz test set updated.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since we expand backwards early, we may be in a situation where best.s+2 has already been indexed.
This will result in picking up a 0 or negative offset, which leads to corrupted data.
Skip this check if best.s is less than or equal to s-2.
Regression from #784 (not released)