[libzstd] Fix UBSAN failure

author Nick Terrell <terrelln@fb.com>

Mon, 19 Jun 2017 22:12:28 +0000 (15:12 -0700)

committer Nick Terrell <terrelln@fb.com>

Mon, 19 Jun 2017 22:12:28 +0000 (15:12 -0700)
author Nick Terrell <terrelln@fb.com>
Mon, 19 Jun 2017 22:12:28 +0000 (15:12 -0700)
committer Nick Terrell <terrelln@fb.com>
Mon, 19 Jun 2017 22:12:28 +0000 (15:12 -0700)
diff --git a/lib/compress/zstd_compress.c b/lib/compress/zstd_compress.c

index 3ba1748f07e23012eab3498ea225f19af1f5544c..d5de46a49b7e09251bef1449b1252ab5c062990c 100644 (file)
--- a/lib/compress/zstd_compress.c
+++ b/lib/compress/zstd_compress.c
@@ -2136,15 +2136,19 @@ void ZSTD_compressBlock_lazy_generic(ZSTD_CCtx* ctx,
              break;  /* nothing found : store previous solution */
          }
  
+        /* NOTE:
+         * start[-offset+ZSTD_REP_MOVE-1] is undefined behavior.
+         * (-offset+ZSTD_REP_MOVE-1) is unsigned, and is added to start, which
+         * overflows the pointer, which is undefined behavior.
+         */
          /* catch up */
          if (offset) {
              while ( (start > anchor)
                   && (start > base+offset-ZSTD_REP_MOVE)
-                 && (start[-1] == start[-1-offset+ZSTD_REP_MOVE]) )  /* only search for offset within prefix */
+                 && (start[-1] == (start-offset+ZSTD_REP_MOVE)[-1]) )  /* only search for offset within prefix */
                  { start--; matchLength++; }
              offset_2 = offset_1; offset_1 = (U32)(offset - ZSTD_REP_MOVE);
          }
-
          /* store sequence */
  _storeSequence:
          {   size_t const litLength = start - anchor;
author	Nick Terrell <terrelln@fb.com>
	Mon, 19 Jun 2017 22:12:28 +0000 (15:12 -0700)
committer	Nick Terrell <terrelln@fb.com>
	Mon, 19 Jun 2017 22:12:28 +0000 (15:12 -0700)