diff options
author | Yann Collet <cyan@fb.com> | 2019-04-17 22:01:53 (GMT) |
---|---|---|
committer | Yann Collet <cyan@fb.com> | 2019-04-17 22:01:53 (GMT) |
commit | 25d96f1e4d84b9fca8f754cd91b822fc32758e5c (patch) | |
tree | 7c2818389ade8b2eed6b1900e659427c6dbdafc6 /lib/lz4.h | |
parent | 1ed69691a1d1226a6d6e7c465eb1e8c2706833cb (diff) | |
download | lz4-25d96f1e4d84b9fca8f754cd91b822fc32758e5c.zip lz4-25d96f1e4d84b9fca8f754cd91b822fc32758e5c.tar.gz lz4-25d96f1e4d84b9fca8f754cd91b822fc32758e5c.tar.bz2 |
fix out-of-bound read within LZ4_decompress_fast()
and deprecate LZ4_decompress_fast(),
with deprecation warnings enabled by default.
Note that, as a consequence of the fix,
LZ4_decompress_fast is now __slower__ than LZ4_decompress_safe().
That's because, since it doesn't know the input buffer size,
it must progress more cautiously into the input buffer
to ensure to out-of-bound read.
Diffstat (limited to 'lib/lz4.h')
-rw-r--r-- | lib/lz4.h | 19 |
1 files changed, 10 insertions, 9 deletions
@@ -631,14 +631,15 @@ LZ4_DEPRECATED("use LZ4_decompress_safe_usingDict() instead") LZ4LIB_API int LZ4 LZ4_DEPRECATED("use LZ4_decompress_fast_usingDict() instead") LZ4LIB_API int LZ4_decompress_fast_withPrefix64k (const char* src, char* dst, int originalSize); /*! LZ4_decompress_fast() : **unsafe!** - * These functions are generally slightly faster than LZ4_decompress_safe(), - * though the difference is small (generally ~5%). - * However, the real cost is a risk : LZ4_decompress_safe() is protected vs malformed input, while `LZ4_decompress_fast()` is not, making it a security liability. + * These functions used to be faster than LZ4_decompress_safe(), + * but it has changed, and they are now slower than LZ4_decompress_safe(). + * This is because LZ4_decompress_fast() doesn't know the input size, + * and therefore must progress more cautiously in the input buffer to not read beyond the end of block. + * On top of that `LZ4_decompress_fast()` is not protected vs malformed or malicious inputs, making it a security liability. * As a consequence, LZ4_decompress_fast() is strongly discouraged, and deprecated. - * These functions will generate a deprecation warning in the future. * - * Last LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size. - * Note that even that functionality could be achieved in a more secure manner if need be, + * Only LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size. + * Even that functionality could be achieved in a more secure manner if need be, * though it would require new prototypes, and adaptation of the implementation to this new use case. * * Parameters: @@ -655,11 +656,11 @@ LZ4_DEPRECATED("use LZ4_decompress_fast_usingDict() instead") LZ4LIB_API int LZ4 * As a consequence, use these functions in trusted environments with trusted data **only**. */ -/* LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe() instead") */ +LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe() instead") LZ4LIB_API int LZ4_decompress_fast (const char* src, char* dst, int originalSize); -/* LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_continue() instead") */ +LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_continue() instead") LZ4LIB_API int LZ4_decompress_fast_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* src, char* dst, int originalSize); -/* LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_usingDict() instead") */ +LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_usingDict() instead") LZ4LIB_API int LZ4_decompress_fast_usingDict (const char* src, char* dst, int originalSize, const char* dictStart, int dictSize); /*! LZ4_resetStream() : |