diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/lz4_manual.html | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/doc/lz4_manual.html b/doc/lz4_manual.html index 356a60d..ee43b8a 100644 --- a/doc/lz4_manual.html +++ b/doc/lz4_manual.html @@ -454,21 +454,18 @@ union LZ4_streamDecode_u { </p></pre><BR> -<pre><b>LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe() instead") LZ4LIB_API -int LZ4_decompress_fast (const char* src, char* dst, int originalSize); -LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_continue() instead") LZ4LIB_API -int LZ4_decompress_fast_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* src, char* dst, int originalSize); -LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_usingDict() instead") LZ4LIB_API -int LZ4_decompress_fast_usingDict (const char* src, char* dst, int originalSize, const char* dictStart, int dictSize); -</b><p> These functions used to be a bit faster than LZ4_decompress_safe(), - but situation has changed in recent versions. - Now, `LZ4_decompress_safe()` is as fast and sometimes even faster than `LZ4_decompress_fast()`. - Moreover, LZ4_decompress_safe() is protected vs malformed input, while `LZ4_decompress_fast()` is not, making it a security liability. +<pre><b></b><p> These functions used to be faster than LZ4_decompress_safe(), + but it has changed, and they are now slower than LZ4_decompress_safe(). + This is because LZ4_decompress_fast() doesn't know the input size, + and therefore must progress more cautiously in the input buffer to not read beyond the end of block. + On top of that `LZ4_decompress_fast()` is not protected vs malformed or malicious inputs, making it a security liability. As a consequence, LZ4_decompress_fast() is strongly discouraged, and deprecated. - Last LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size. - Note that even that functionality could be achieved in a more secure manner if need be, - though it would require new prototypes, and adaptation of the implementation to this new use case. + The last remaining LZ4_decompress_fast() specificity is that + it can decompress a block without knowing its compressed size. + Such functionality could be achieved in a more secure manner, + by also providing the maximum size of input buffer, + but it would require new prototypes, and adaptation of the implementation to this new use case. Parameters: originalSize : is the uncompressed size to regenerate. @@ -477,9 +474,9 @@ int LZ4_decompress_fast_usingDict (const char* src, char* dst, int originalSize, The function expects to finish at block's end exactly. If the source stream is detected malformed, the function stops decoding and returns a negative result. note : LZ4_decompress_fast*() requires originalSize. Thanks to this information, it never writes past the output buffer. - However, since it doesn't know its 'src' size, it may read an unknown amount of input, and overflow input buffer. - Also, since match offsets are not validated, match reads from 'src' may underflow. - These issues never happen if input data is correct. + However, since it doesn't know its 'src' size, it may read an unknown amount of input, past input buffer bounds. + Also, since match offsets are not validated, match reads from 'src' may underflow too. + These issues never happen if input (compressed) data is correct. But they may happen if input data is invalid (error or intentional tampering). As a consequence, use these functions in trusted environments with trusted data **only**. |