From: W. Felix Handte <w@felixhandte.com>
Date: Wed, 23 May 2018 16:51:09 +0000 (-0400)
Subject: Disallow Too-Long Repcodes When Using an Attached Dict
X-Git-Tag: v1.3.5~3^2~37^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2bfe43267e63718be3f7e499f8dd3c2f5dd5e89f;p=thirdparty%2Fzstd.git

Disallow Too-Long Repcodes When Using an Attached Dict
---

diff --git a/lib/compress/zstd_double_fast.c b/lib/compress/zstd_double_fast.c
index d415791be..711bf41ab 100644
--- a/lib/compress/zstd_double_fast.c
+++ b/lib/compress/zstd_double_fast.c
@@ -85,17 +85,23 @@ size_t ZSTD_compressBlock_doubleFast_generic(
     const U32 dictIndexDelta       = dictMode == ZSTD_dictMatchState ?
                                      prefixLowestIndex - (U32)(dictEnd - dictBase) :
                                      0;
+    const U32 dictAndPrefixLength  = (U32)(ip - prefixLowest + dictEnd - dictLowest);
 
     assert(dictMode == ZSTD_noDict || dictMode == ZSTD_dictMatchState);
 
     /* init */
-    ip += (dictMode == ZSTD_noDict && ip == prefixLowest);
-    {   U32 const maxRep = dictMode == ZSTD_dictMatchState ?
-                           (U32)(ip - dictLowest) :
-                           (U32)(ip - prefixLowest);
+    ip += (dictAndPrefixLength == 0);
+    if (dictMode == ZSTD_noDict) {
+        U32 const maxRep = (U32)(ip - prefixLowest);
         if (offset_2 > maxRep) offsetSaved = offset_2, offset_2 = 0;
         if (offset_1 > maxRep) offsetSaved = offset_1, offset_1 = 0;
     }
+    if (dictMode == ZSTD_dictMatchState) {
+        /* dictMatchState repCode checks don't currently handle repCode == 0
+         * disabling. */
+        assert(offset_1 <= dictAndPrefixLength);
+        assert(offset_2 <= dictAndPrefixLength);
+    }
 
     /* Main Search Loop */
     while (ip < ilimit) {   /* < instead of <=, because repcode check at (ip+1) */