From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Tue, 6 Dec 2022 20:17:17 +0000 (+1300)
Subject: compression/huffman: double check distance in matches (CID 1517278)
X-Git-Tag: talloc-2.4.0~200
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=628f14c149772dc4277c004018b8f02420fa3997;p=thirdparty%2Fsamba.git

compression/huffman: double check distance in matches (CID 1517278)

Because we just wrote the intermediate representation to have no zero
distances, we can be sure it doesn't, but Coverity doesn't know. If
distance is zero, `bitlen_nonzero_16(distance)` would be bad.

   CID 1517278 (#1 of 1): Bad bit shift operation
   (BAD_SHIFT)41. large_shift: In expression 1 << code_dist, left
   shifting by more than 31 bits has undefined behavior. The shift
   amount, code_dist, is 65535.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/lib/compression/lzxpress_huffman.c b/lib/compression/lzxpress_huffman.c
index 4b55c7b7e88..e6ff4ed3b02 100644
--- a/lib/compression/lzxpress_huffman.c
+++ b/lib/compression/lzxpress_huffman.c
@@ -1062,6 +1062,9 @@ static ssize_t write_compressed_bytes(uint16_t symbol_values[512],
 		} else {
 			return LZXPRESS_ERROR;
 		}
+		if (unlikely(distance == 0)) {
+			return LZXPRESS_ERROR;
+		}
 		/* len has already had 3 subtracted */
 		if (len >= 15) {
 			/*