From 0b876db6d42ec22da0c635e97a0d690908f2104a Mon Sep 17 00:00:00 2001 From: Yann Collet Date: Thu, 18 Apr 2019 16:06:02 -0700 Subject: address a few minor Visual warnings and created target cxx17build --- Makefile | 8 ++++++++ doc/lz4_manual.html | 29 +++++++++++++---------------- lib/lz4.h | 8 +++++--- lib/lz4hc.c | 1 + tests/frametest.c | 7 ++++--- tests/fullbench.c | 4 ++-- tests/fuzzer.c | 4 ++-- 7 files changed, 35 insertions(+), 26 deletions(-) diff --git a/Makefile b/Makefile index f3c6ce2..f3844a1 100644 --- a/Makefile +++ b/Makefile @@ -181,6 +181,14 @@ gpptest gpptest32: clean CC=$(CC) $(MAKE) -C $(PRGDIR) all CFLAGS="$(CFLAGS)" CC=$(CC) $(MAKE) -C $(TESTDIR) all CFLAGS="$(CFLAGS)" +cxx17build : CC = "$(CXX) -Wno-deprecated" +cxx17build : CFLAGS = -std=c++17 -Wall -Wextra -Wundef -Wshadow -Wcast-align -Werror +cxx17build : clean + $(CXX) -v + CC=$(CC) $(MAKE) -C $(LZ4DIR) all CFLAGS="$(CFLAGS)" + CC=$(CC) $(MAKE) -C $(PRGDIR) all CFLAGS="$(CFLAGS)" + CC=$(CC) $(MAKE) -C $(TESTDIR) all CFLAGS="$(CFLAGS)" + ctocpptest: LIBCC="$(CC)" ctocpptest: TESTCC="$(CXX)" ctocpptest: CFLAGS="" diff --git a/doc/lz4_manual.html b/doc/lz4_manual.html index 356a60d..ee43b8a 100644 --- a/doc/lz4_manual.html +++ b/doc/lz4_manual.html @@ -454,21 +454,18 @@ union LZ4_streamDecode_u {


-
LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe() instead") LZ4LIB_API
-int LZ4_decompress_fast (const char* src, char* dst, int originalSize);
-LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_continue() instead") LZ4LIB_API
-int LZ4_decompress_fast_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* src, char* dst, int originalSize);
-LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_usingDict() instead") LZ4LIB_API
-int LZ4_decompress_fast_usingDict (const char* src, char* dst, int originalSize, const char* dictStart, int dictSize);
-

These functions used to be a bit faster than LZ4_decompress_safe(), - but situation has changed in recent versions. - Now, `LZ4_decompress_safe()` is as fast and sometimes even faster than `LZ4_decompress_fast()`. - Moreover, LZ4_decompress_safe() is protected vs malformed input, while `LZ4_decompress_fast()` is not, making it a security liability. +

These functions used to be faster than LZ4_decompress_safe(), + but it has changed, and they are now slower than LZ4_decompress_safe(). + This is because LZ4_decompress_fast() doesn't know the input size, + and therefore must progress more cautiously in the input buffer to not read beyond the end of block. + On top of that `LZ4_decompress_fast()` is not protected vs malformed or malicious inputs, making it a security liability. As a consequence, LZ4_decompress_fast() is strongly discouraged, and deprecated. - Last LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size. - Note that even that functionality could be achieved in a more secure manner if need be, - though it would require new prototypes, and adaptation of the implementation to this new use case. + The last remaining LZ4_decompress_fast() specificity is that + it can decompress a block without knowing its compressed size. + Such functionality could be achieved in a more secure manner, + by also providing the maximum size of input buffer, + but it would require new prototypes, and adaptation of the implementation to this new use case. Parameters: originalSize : is the uncompressed size to regenerate. @@ -477,9 +474,9 @@ int LZ4_decompress_fast_usingDict (const char* src, char* dst, int originalSize, The function expects to finish at block's end exactly. If the source stream is detected malformed, the function stops decoding and returns a negative result. note : LZ4_decompress_fast*() requires originalSize. Thanks to this information, it never writes past the output buffer. - However, since it doesn't know its 'src' size, it may read an unknown amount of input, and overflow input buffer. - Also, since match offsets are not validated, match reads from 'src' may underflow. - These issues never happen if input data is correct. + However, since it doesn't know its 'src' size, it may read an unknown amount of input, past input buffer bounds. + Also, since match offsets are not validated, match reads from 'src' may underflow too. + These issues never happen if input (compressed) data is correct. But they may happen if input data is invalid (error or intentional tampering). As a consequence, use these functions in trusted environments with trusted data **only**. diff --git a/lib/lz4.h b/lib/lz4.h index 962f5e6..737a0c7 100644 --- a/lib/lz4.h +++ b/lib/lz4.h @@ -638,9 +638,11 @@ LZ4_DEPRECATED("use LZ4_decompress_fast_usingDict() instead") LZ4LIB_API int LZ4 * On top of that `LZ4_decompress_fast()` is not protected vs malformed or malicious inputs, making it a security liability. * As a consequence, LZ4_decompress_fast() is strongly discouraged, and deprecated. * - * Only LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size. - * Even that functionality could be achieved in a more secure manner if need be, - * though it would require new prototypes, and adaptation of the implementation to this new use case. + * The last remaining LZ4_decompress_fast() specificity is that + * it can decompress a block without knowing its compressed size. + * Such functionality could be achieved in a more secure manner, + * by also providing the maximum size of input buffer, + * but it would require new prototypes, and adaptation of the implementation to this new use case. * * Parameters: * originalSize : is the uncompressed size to regenerate. diff --git a/lib/lz4hc.c b/lib/lz4hc.c index d5f6743..031df8f 100644 --- a/lib/lz4hc.c +++ b/lib/lz4hc.c @@ -1396,6 +1396,7 @@ static int LZ4HC_compress_optimal ( LZ4HC_CCtx_internal* ctx, } } } /* for (cur = 1; cur <= last_match_pos; cur++) */ + assert(last_match_pos < LZ4_OPT_NUM + TRAILING_LITERALS); best_mlen = opt[last_match_pos].mlen; best_off = opt[last_match_pos].off; cur = last_match_pos - best_mlen; diff --git a/tests/frametest.c b/tests/frametest.c index 9f7cb8d..bf95beb 100644 --- a/tests/frametest.c +++ b/tests/frametest.c @@ -667,8 +667,8 @@ int basicTests(U32 seed, double compressibility) for (blockSizeID = 4; blockSizeID < 8; ++blockSizeID) { result = LZ4F_getBlockSize(blockSizeID); CHECK(result); - DISPLAYLEVEL(3, "Returned block size of %zu bytes for blockID %u \n", - result, blockSizeID); + DISPLAYLEVEL(3, "Returned block size of %u bytes for blockID %u \n", + (unsigned)result, blockSizeID); } /* Test an invalid input that's too large */ @@ -770,7 +770,8 @@ static void locateBuffDiff(const void* buff1, const void* buff2, size_t size, un const BYTE* b2=(const BYTE*)buff2; DISPLAY("locateBuffDiff: looking for error position \n"); if (nonContiguous) { - DISPLAY("mode %u: non-contiguous output (%zu bytes), cannot search \n", nonContiguous, size); + DISPLAY("mode %u: non-contiguous output (%u bytes), cannot search \n", + nonContiguous, (unsigned)size); return; } while (p < size && b1[p]==b2[p]) p++; diff --git a/tests/fullbench.c b/tests/fullbench.c index 1a52aab..d2af662 100644 --- a/tests/fullbench.c +++ b/tests/fullbench.c @@ -162,13 +162,13 @@ static LZ4_stream_t LZ4_stream; static void local_LZ4_resetDictT(void) { void* const r = LZ4_initStream(&LZ4_stream, sizeof(LZ4_stream)); - assert(r != NULL); + assert(r != NULL); (void)r; } static void local_LZ4_createStream(void) { void* const r = LZ4_initStream(&LZ4_stream, sizeof(LZ4_stream)); - assert(r != NULL); + assert(r != NULL); (void)r; } static int local_LZ4_saveDict(const char* in, char* out, int inSize) diff --git a/tests/fuzzer.c b/tests/fuzzer.c index 78f90a1..9908a7b 100644 --- a/tests/fuzzer.c +++ b/tests/fuzzer.c @@ -490,6 +490,7 @@ static int FUZ_test(U32 seed, U32 nbCycles, const U32 startCycle, const double c /* Test decompress_fast() with input buffer size exactly correct => must not read out of bound */ { char* const cBuffer_exact = (char*)malloc((size_t)compressedSize); assert(cBuffer_exact != NULL); + assert(compressedSize <= compressedBufferSize); memcpy(cBuffer_exact, compressedBuffer, compressedSize); /* Test decoding with output size exactly correct => must work */ @@ -1302,9 +1303,8 @@ static void FUZ_unitTests(int compressionLevel) int iNext = 0; int dNext = 0; int compressedSize; - size_t const testVerifySize = testInputSize; - assert((size_t)dBufferSize * 2 + 1 < testVerifySize); /* space used by ringBufferSafe and ringBufferFast */ + assert((size_t)dBufferSize * 2 + 1 < testInputSize); /* space used by ringBufferSafe and ringBufferFast */ XXH64_reset(&xxhOrig, 0); XXH64_reset(&xxhNewSafe, 0); XXH64_reset(&xxhNewFast, 0); -- cgit v0.12