authorYann Collet <cyan@fb.com>2017-06-26 18:29:05 (GMT)
committerYann Collet <cyan@fb.com>2017-06-26 18:29:05 (GMT)
commit6ad3a983dbf3a25273e04051d29022c72c469cd5 (patch)
treec010e4eb8b3811a97d7c23552bdfc957bd30bcb0 /lib/lz4opt.h
parent2ef4afeebeadae41a83f4cb5702180f8137c30f6 (diff)
fix #369
The bug would make the bt search read one byte in an invalid memory region, and make a branch decision based on its value. Impact was small (missed compression opportunity). It only happens in -BD mode, with extDict-prefix overlapping matches. The bt match search is supposed to work also in extDict mode. In which case, the match ptr can point into Dict. When the match was overlapping Dict<->Prefix, match[matchLength] would end up outside of Dict, in an invalid memory area. The correction ensures that in such a case, match[matchLength] ends up at intended location, inside prefix.
Diffstat (limited to 'lib/lz4opt.h')
-rw-r--r--lib/lz4opt.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/lz4opt.h b/lib/lz4opt.h
index b346eba..e9e54d8 100644
--- a/lib/lz4opt.h
+++ b/lib/lz4opt.h
@@ -122,6 +122,8 @@ FORCE_INLINE int LZ4HC_BinTree_InsertAndGetAllMatches (
matchLength = LZ4_count(ip, match, vLimit);
if ((ip+matchLength == vLimit) && (vLimit < iHighLimit))
matchLength += LZ4_count(ip+matchLength, base+dictLimit, iHighLimit);
+ if (matchIndex+matchLength >= dictLimit)
+ match = base + matchIndex; /* to prepare for next usage of match[matchLength] */
}
if (matchLength > best_mlen) {
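Review bot: The comment on the added rebase, `/* to prepare for next usage of match[matchLength] */`, does not record the invariant that makes the later read safe. After `match = base + matchIndex;` the pointer is only meaningful at offsets that land at or beyond `dictLimit`, which the guard `matchIndex+matchLength >= dictLimit` ensures for `match[matchLength]`; presumably `base + matchIndex` itself lies below the prefix start in this branch, so any other index would be out of bounds again. I would spell that out, for example `/* match overlaps dict->prefix : rebase onto prefix so that match[matchLength] is read inside prefix, not past the end of dict ; only offsets >= dictLimit-matchIndex are valid */`. The enclosing branch starts outside the hunk, so the assumption that this path is the extDict case should be confirmed against the full function.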
@@ -140,6 +142,8 @@ FORCE_INLINE int LZ4HC_BinTree_InsertAndGetAllMatches (
if (ip+matchLength >= iHighLimit) /* equal : no way to know if inf or sup */
break; /* drop , to guarantee consistency ; miss a bit of compression, but other solutions can corrupt the tree */
+ DEBUGLOG(6, "ip :%016llX", (U64)ip);
+ DEBUGLOG(6, "match:%016llX", (U64)match);
if (*(ip+matchLength) < *(match+matchLength)) {
*ptr0 = delta0;
ptr0 = &DELTANEXTMAXD(matchIndex*2);
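Review bot: The two added `DEBUGLOG(6, ...)` lines print raw pointers through `(U64)ip` and `(U64)match` with `%016llX`, which is fragile. Casting a pointer straight to a 64-bit integer draws a size-mismatch warning on 32-bit targets, and if `U64` is a `uint64_t` that maps to `unsigned long`, the `%llX` conversion does not match its argument. Assuming `DEBUGLOG` forwards to a printf-style function, `DEBUGLOG(6, "ip :%p", (const void*)ip);` and `DEBUGLOG(6, "match:%p", (const void*)match);` avoid both problems. These look like traces left over from the investigation. They sit in the tree-descent loop and write process addresses into the log, so I would drop them or keep them at the highest debug level only.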
@@ -224,6 +228,7 @@ static int LZ4HC_compress_optimal (
BYTE* const oend = op + maxOutputSize;
/* init */
+ DEBUGLOG(5, "LZ4HC_compress_optimal");
if (sufficient_len >= LZ4_OPT_NUM) sufficient_len = LZ4_OPT_NUM-1;
ctx->end += inputSize;
ip++;