From: Bimba Shrestha
Date: Wed, 4 Dec 2019 18:02:17 +0000 (-0800)
Subject: [fuzz] msan uninitialized unsigned value (#1908)
X-Git-Tag: v1.4.5^2~134
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49c6d492479227644e60c2caa15a6334f302f6ea;p=thirdparty%2Fzstd.git

[fuzz] msan uninitialized unsigned value (#1908)

Fixes new fuzz issue
Credit to OSS-Fuzz

* Initializing unsigned value
* Initializing to 1 instead of 0 because it's more conservative
* Unconditionally setting to check first and then checking zero
* Moving bool to before block for c90
* Move check set before block

--- diff --git a/lib/compress/zstd_compress.c b/lib/compress/zstd_compress.c index 682c9c047..16476f6fa 100644 --- a/lib/compress/zstd_compress.c +++ b/lib/compress/zstd_compress.c @@ -2858,9 +2858,10 @@ size_t ZSTD_loadCEntropy(ZSTD_compressedBlockState_t* bs, void* workspace, const BYTE* dictPtr = (const BYTE*)dict; /* skip magic num and dict ID */ const BYTE* const dictEnd = dictPtr + dictSize; dictPtr += 8; + bs->entropy.huf.repeatMode = HUF_repeat_check; { unsigned maxSymbolValue = 255; - unsigned hasZeroWeights; + unsigned hasZeroWeights = 1; size_t const hufHeaderSize = HUF_readCTable((HUF_CElt*)bs->entropy.huf.CTable, &maxSymbolValue, dictPtr, dictEnd-dictPtr, &hasZeroWeights); @@ -2868,7 +2869,6 @@ size_t ZSTD_loadCEntropy(ZSTD_compressedBlockState_t* bs, void* workspace, * weights. Otherwise, we set it to check */ if (!hasZeroWeights) bs->entropy.huf.repeatMode = HUF_repeat_valid; - else bs->entropy.huf.repeatMode = HUF_repeat_check; RETURN_ERROR_IF(HUF_isError(hufHeaderSize), dictionary_corrupted); RETURN_ERROR_IF(maxSymbolValue < 255, dictionary_corrupted);
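
Review bot: In the first hunk (@@ -2858), `unsigned hasZeroWeights = 1;` carries no comment saying why 1 is the default; the commit message calls it the more conservative value, but that reasoning does not reach the code. A one-line comment would do: with 1, the later `if (!hasZeroWeights)` test cannot promote repeatMode to HUF_repeat_valid unless HUF_readCTable actually wrote a 0. The initializer also covers this call site only; if HUF_readCTable can return without writing through the pointer, consider having it assign the out-parameter on entry so every caller is protected.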
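
Review bot: In the second hunk (@@ -2868), `if (!hasZeroWeights)` still runs before `RETURN_ERROR_IF(HUF_isError(hufHeaderSize), dictionary_corrupted);`, so an output of HUF_readCTable is consulted before its return value is checked. Moving the error check above the `if` would mean repeatMode is only raised to HUF_repeat_valid after a successful parse. The context comment ending "Otherwise, we set it to check" also now describes the removed else branch; reword it to say the HUF_repeat_check default is assigned before the block.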