From: Nick Terrell Date: Tue, 19 Sep 2017 20:46:07 +0000 (-0700) Subject: [libzstd] Fix bad window size assert X-Git-Tag: fuzz-corpora~4^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18442a31ff4b87263a6138369e8d0880346af0bd;p=thirdparty%2Fzstd.git [libzstd] Fix bad window size assert The window size is not validated or used in the one-pass API, so there shouldn't be an assert based on it. fix-fuzz-failure --- diff --git a/lib/decompress/zstd_decompress.c b/lib/decompress/zstd_decompress.c index 6d6d83396..91518990e 100644 --- a/lib/decompress/zstd_decompress.c +++ b/lib/decompress/zstd_decompress.c @@ -1372,8 +1372,9 @@ static size_t ZSTD_decompressBlock_internal(ZSTD_DCtx* dctx, * conservative. */ ZSTD_longOffset_e const isLongOffset = (ZSTD_longOffset_e)(MEM_32bits() && (!frame || dctx->fParams.windowSize > (1ULL << STREAM_ACCUMULATOR_MIN))); - /* We don't expect window sizes this big. */ - assert(!frame || dctx->fParams.windowSize <= (1ULL << STREAM_ACCUMULATOR_MIN_64)); + /* windowSize could be any value at this point, since it is only validated + * in the streaming API. + */ DEBUGLOG(5, "ZSTD_decompressBlock_internal"); if (srcSize >= ZSTD_BLOCKSIZE_MAX) return ERROR(srcSize_wrong);
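Review bot: The replacement comment says windowSize is unvalidated on this path, yet the isLongOffset computation directly above it still branches on `dctx->fParams.windowSize`, and the comment does not explain why that remains safe. Because the one-pass API takes this field straight from the frame header, I would state the trust boundary explicitly, for example `/* windowSize is untrusted here (only the streaming API validates it), so it must not be relied on as a bound on offsets. */`. Whether a separate offset check protects the 32-bit long-offset decision when a frame declares a small window is not visible in this hunk, so that is worth confirming and recording in the same comment. The description mentions a fuzz failure; keeping the triggering input as a regression case would guard against the assert being reintroduced. ZSTD_decompressBlock_internal starts and ends outside the hunk.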