summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorW. Felix Handte <w@felixhandte.com>2018-04-20 21:10:47 (GMT)
committerW. Felix Handte <w@felixhandte.com>2018-04-20 21:13:03 (GMT)
commit1d2500d44e97a46eb447745d02652e02435baadb (patch)
tree1ef110d63dbd586a59b1a090b75ff54b1dcf81ac /lib
parent7874cf06b3307a7ba5efdd141d068887480aaf11 (diff)
downloadlz4-1d2500d44e97a46eb447745d02652e02435baadb.zip
lz4-1d2500d44e97a46eb447745d02652e02435baadb.tar.gz
lz4-1d2500d44e97a46eb447745d02652e02435baadb.tar.bz2
Handle Index Underflows Safely
Diffstat (limited to 'lib')
-rw-r--r--lib/lz4hc.c15
1 files changed, 7 insertions, 8 deletions
diff --git a/lib/lz4hc.c b/lib/lz4hc.c
index e5eb11d..843b539 100644
--- a/lib/lz4hc.c
+++ b/lib/lz4hc.c
@@ -221,7 +221,8 @@ LZ4HC_InsertAndGetWiderMatch (
const BYTE* const base = hc4->base;
const U32 dictLimit = hc4->dictLimit;
const BYTE* const lowPrefixPtr = base + dictLimit;
- const U32 lowLimit = (hc4->lowLimit + 64 KB > (U32)(ip-base)) ? hc4->lowLimit : (U32)(ip - base) - MAX_DISTANCE;
+ const U32 ipIndex = (U32)(ip - base);
+ const U32 lowLimit = (hc4->lowLimit + 64 KB > ipIndex) ? hc4->lowLimit : ipIndex - MAX_DISTANCE;
const BYTE* const dictBase = hc4->dictBase;
int const delta = (int)(ip-iLowLimit);
int nbAttempts = maxNbAttempts;
@@ -304,14 +305,12 @@ LZ4HC_InsertAndGetWiderMatch (
} } } }
} /* while ((matchIndex>=lowLimit) && (nbAttempts)) */
- if (dict == usingDictCtx && nbAttempts && ip - base - lowLimit < MAX_DISTANCE) {
- const ptrdiff_t dictIndexDelta = dictCtx->base - dictCtx->end + lowLimit;
- /* bounds check, since we need to downcast */
- assert(dictIndexDelta <= 1 GB);
- assert(dictIndexDelta >= -1 GB);
+ if (dict == usingDictCtx && nbAttempts && ipIndex - lowLimit < MAX_DISTANCE) {
+ size_t const dictEndOffset = dictCtx->end - dictCtx->base;
+ assert(dictEndOffset <= 1 GB);
dictMatchIndex = dictCtx->hashTable[LZ4HC_hashPtr(ip)];
- matchIndex = dictMatchIndex + (int)dictIndexDelta;
- while ((ptrdiff_t) matchIndex + MAX_DISTANCE > ip - base && nbAttempts--) {
+ matchIndex = dictMatchIndex + lowLimit - (U32)dictEndOffset;
+ while (ipIndex - matchIndex <= MAX_DISTANCE && nbAttempts--) {
const BYTE* const matchPtr = dictCtx->base + dictMatchIndex;
if (LZ4_read32(matchPtr) == pattern) {