Diffstat (limited to 'lib')
-rw-r--r-- | lib/lz4.h | 8 | ||||
-rw-r--r-- | lib/lz4hc.c | 1 |
2 files changed, 6 insertions, 3 deletions
@@ -638,9 +638,11 @@ LZ4_DEPRECATED("use LZ4_decompress_fast_usingDict() instead") LZ4LIB_API int LZ4 * On top of that `LZ4_decompress_fast()` is not protected vs malformed or malicious inputs, making it a security liability. * As a consequence, LZ4_decompress_fast() is strongly discouraged, and deprecated. * - * Only LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size. - * Even that functionality could be achieved in a more secure manner if need be, - * though it would require new prototypes, and adaptation of the implementation to this new use case. + * The last remaining LZ4_decompress_fast() specificity is that + * it can decompress a block without knowing its compressed size. + * Such functionality could be achieved in a more secure manner, + * by also providing the maximum size of input buffer, + * but it would require new prototypes, and adaptation of the implementation to this new use case. * * Parameters: * originalSize : is the uncompressed size to regenerate. diff --git a/lib/lz4hc.c b/lib/lz4hc.c index d5f6743..031df8f 100644 --- a/lib/lz4hc.c +++ b/lib/lz4hc.c @@ -1396,6 +1396,7 @@ static int LZ4HC_compress_optimal ( LZ4HC_CCtx_internal* ctx, } } } /* for (cur = 1; cur <= last_match_pos; cur++) */ + assert(last_match_pos < LZ4_OPT_NUM + TRAILING_LITERALS); best_mlen = opt[last_match_pos].mlen; best_off = opt[last_match_pos].off; cur = last_match_pos - best_mlen; |
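Review bot: In the lib/lz4hc.c hunk, the added `assert(last_match_pos < LZ4_OPT_NUM + TRAILING_LITERALS);` is the only visible bound on the index used by `opt[last_match_pos].mlen` on the next line, and an assert normally compiles to nothing in release builds, so production binaries get no check at this point. If the bound is an invariant of the loop that closes just above, a short comment should say where it is established, for example `/* last_match_pos is only ever assigned a pos already bounded by the opt[] size */` (wording to be confirmed against the loop body, which is outside the hunk). The subtraction `cur = last_match_pos - best_mlen;` two lines later appears to rely on `best_mlen <= last_match_pos` in the same way and could carry a matching `assert(best_mlen <= last_match_pos);`. LZ4HC_compress_optimal starts and ends outside the hunk, so the declared size of `opt` could not be checked from here.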