summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorYann Collet <Cyan4973@users.noreply.github.com>2018-04-23 02:30:24 (GMT)
committerGitHub <noreply@github.com>2018-04-23 02:30:24 (GMT)
commit996d211aca5407c97b0c3736f20ae599f05f0d44 (patch)
treef7682234ceaebb92935573c386600488e627fa19 /lib
parent62d7cdcc741480842a0c217df7cb26ad3946ab32 (diff)
parentab06ef97bb5bb50f642add1e80854a09c3d38068 (diff)
downloadlz4-996d211aca5407c97b0c3736f20ae599f05f0d44.zip
lz4-996d211aca5407c97b0c3736f20ae599f05f0d44.tar.gz
lz4-996d211aca5407c97b0c3736f20ae599f05f0d44.tar.bz2
Merge pull request #509 from svpv/clarifyFastRisks
lz4.h: clarify the risks of using LZ4_decompress_fast()
Diffstat (limited to 'lib')
-rw-r--r--lib/lz4.h12
1 files changed, 7 insertions, 5 deletions
diff --git a/lib/lz4.h b/lib/lz4.h
index 0dfa19e..db6353c 100644
--- a/lib/lz4.h
+++ b/lib/lz4.h
@@ -206,15 +206,17 @@ LZ4LIB_API int LZ4_compress_destSize (const char* src, char* dst, int* srcSizePt
/*!
LZ4_decompress_fast() : **unsafe!**
This function is a bit faster than LZ4_decompress_safe(),
-but doesn't provide any security guarantee.
+but it may misbehave on malformed input because it doesn't perform full validation of compressed data.
originalSize : is the uncompressed size to regenerate
Destination buffer must be already allocated, and its size must be >= 'originalSize' bytes.
return : number of bytes read from source buffer (== compressed size).
If the source stream is detected malformed, the function stops decoding and return a negative result.
- note : This function respects memory boundaries for *properly formed* compressed data.
- However, it does not provide any protection against malicious input.
- It also doesn't know 'src' size, and implies it's >= compressed size.
- Use this function in trusted environment **only**.
+ note : This function is only usable if the originalSize of uncompressed data is known in advance.
+ The caller should also check that all the compressed input has been consumed properly,
+ i.e. that the return value matches the size of the buffer with compressed input.
+ The function never writes past the output buffer. However, since it doesn't know its 'src' size,
+ it may read past the intended input. Also, because match offsets are not validated during decoding,
+ reads from 'src' may underflow. Use this function in trusted environment **only**.
*/
LZ4LIB_API int LZ4_decompress_fast (const char* src, char* dst, int originalSize);