Corrected a (rare) bug in compression function

git-svn-id: https://lz4.googlecode.com/svn/trunk@14 650e7d94-2a16-8b24-b05c-7c0b3f6821cd

2 files changed, 10 insertions, 3 deletions

diff --git a/Makefile b/Makefile
index ea32feb..174dc46 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-all: lz4.32 lz4.64
+all: lz4.64 lz4.32 
 
 lz4.64: lz4.c lz4.h main.c
 	gcc -g -O3 -I. -Wall -W lz4.c main.c -o lz4.64.exe
diff --git a/lz4.c b/lz4.c
index de928f3..e482bb2 100644
--- a/lz4.c
+++ b/lz4.c
@@ -48,7 +48,7 @@
 //**************************************

 // Basic Types

 //**************************************

-#if defined(_MSC_VER) || defined(_WIN32) || defined(__WIN32__)

+#if defined(_MSC_VER) 

 #define BYTE	unsigned __int8

 #define U16		unsigned __int16

 #define U32		unsigned __int32

@@ -161,7 +161,7 @@ int LZ4_compressCtx(void** ctx,
 		step=1;

 

 		// Catch up

-		while ((ip>anchor) && (ip[-1]==ref[-1])) { ip--; ref--; }  

+		while ((ip>anchor) && (ref>(BYTE*)source) && (ip[-1]==ref[-1])) { ip--; ref--; }  

 

 		// Encode Literal length

 		length = ip - anchor;

@@ -221,6 +221,13 @@ _endCount:
 //****************************

 // Decompression CODE

 //****************************

+

+// Note : The decoding functions LZ4_uncompress() and LZ4_uncompress_unknownOutputSize() 

+//		are safe against "buffer overflow" attack type

+//		since they will *never* write outside of the provided output buffer :

+//		they both check this condition *before* writing anything.

+//		A corrupted packet however can make them *read* within the first 64K before the output buffer.

+

 int LZ4_uncompress(char* source, 

 				 char* dest,

 				 int osize)