git.ipfire.org Git - thirdparty/zstd.git/commit

author	Nick Terrell <terrelln@fb.com>
	Thu, 15 Dec 2022 21:43:27 +0000 (13:43 -0800)
committer	Nick Terrell <nickrterrell@gmail.com>
	Thu, 15 Dec 2022 22:41:50 +0000 (14:41 -0800)
commit	a91e7ec175d4f73b54a2d7ebf22d86d262ffb01d
tree	90670064d2480133640ea393f6600bb0c8e89081	tree \| snapshot
parent	6be3181307f6bb3824eb322db67675f393671266	commit \| diff

Fix corruption that rarely occurs in 32-bit mode with wlog=25

Fix an off-by-one error in the compressor that emits corrupt blocks if:

* Zstd is compiled in 32-bit mode
* The windowLog == 25 exactly
* An offset of 2^25-3, 2^25-2, 2^25-1, or 2^25 is emitted
* The bitstream had 7 bits leftover before writing the offset

This bug has been present since before v1.0, but wasn't able to easily
be triggered, since until somewhat recently zstd wasn't able to find
matches that were within 128KB of the window size.

Add a test case, and fix 2 bugs in `ZSTD_compressSequences()`:
* The `ZSTD_isRLE()` check was incorrect. It wouldn't produce
corruption, but it could waste CPU and not emit RLE even if the block
was RLE
* One windowSize was `1 << windowLog`, not `1u << windowLog`

Thanks to @tansy for finding the issue, and giving us a reproducer!

Fixes Issue #3350.

lib/compress/zstd_compress.c		diff \| blob \| blame \| history
tests/zstreamtest.c		diff \| blob \| blame \| history