From: senhuang42 <senhuang96@fb.com>
Date: Wed, 30 Sep 2020 15:25:51 +0000 (-0400)
Subject: Add extra bounds check to prevent heap access after free ASAN error
X-Git-Tag: v1.4.7~57^2~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65f9cfeeec29724b5d48da088f7f325af1cfc01a;p=thirdparty%2Fzstd.git

Add extra bounds check to prevent heap access after free ASAN error
---

diff --git a/lib/compress/zstd_opt.c b/lib/compress/zstd_opt.c
index 1c1700328..d6c728462 100644
--- a/lib/compress/zstd_opt.c
+++ b/lib/compress/zstd_opt.c
@@ -986,11 +986,11 @@ ZSTD_compressBlock_opt_generic(ZSTD_matchState_t* ms,
      * since the base shifts back 131072 bytes (1 block) after the first block. The consequence is that
      * we should insert 35373 bytes into the 8th block, rather than 35373 bytes into the 7th block.
      */
-    if (ms->ldmSeqStore.size > 0) {
+    if (ms->ldmSeqStore.size > 0 && ms->ldmSeqStore.pos != ms->ldmSeqStore.size) {
         if (ms->ldmSeqStore.base != base) {
             int baseDiff = (int)(ms->ldmSeqStore.base - base);
             ms->ldmSeqStore.seq[ms->ldmSeqStore.pos].litLength += baseDiff;
-            ms->ldmSeqStore.base = ms->window.base;
+            ms->ldmSeqStore.base = base;
         }
         ldm_getNextMatch(&ms->ldmSeqStore, &ldmStartPosInBlock,
                          &ldmEndPosInBlock, &ldmOffset,