diff options
author | Nick Terrell <terrelln@fb.com> | 2019-08-09 17:32:26 (GMT) |
---|---|---|
committer | Nick Terrell <terrelln@fb.com> | 2019-08-09 17:36:46 (GMT) |
commit | d7cad81093cd805110291f84d64d385557d0ffba (patch) | |
tree | 9af7fb7a0b32809791cad70c12eda3dc9ccb48c7 /lib | |
parent | 1bcde6414a68094601ecd57a968808fdd43fb986 (diff) | |
download | lz4-d7cad81093cd805110291f84d64d385557d0ffba.zip lz4-d7cad81093cd805110291f84d64d385557d0ffba.tar.gz lz4-d7cad81093cd805110291f84d64d385557d0ffba.tar.bz2 |
[LZ4_compress_destSize] Fix off-by-one error
PR#756 fixed the data corruption bug, but didn't clear `ip`. PR#760
fixed that off-by-one error, but missed the case where `ip == filledIp`,
which is harder for the fuzzers to find (it took 20 days not 1 day).
Verified this fixed the issue reported by OSS-Fuzz.
Credit to OSS-Fuzz.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/lz4.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1040,7 +1040,7 @@ _next_match: ip -= matchCode - newMatchCode; assert(newMatchCode < matchCode); matchCode = newMatchCode; - if (unlikely(ip < filledIp)) { + if (unlikely(ip <= filledIp)) { /* We have already filled up to filledIp so if ip ends up less than filledIp * we have positions in the hash table beyond the current position. This is * a problem if we reuse the hash table. So we have to remove these positions |