From: Nick Terrell <terrelln@fb.com>
Date: Fri, 8 Oct 2021 18:17:40 +0000 (-0700)
Subject: [ldm] Fix ZSTD_c_ldmHashRateLog bounds check
X-Git-Tag: v1.5.1~1^2~80^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2819%2Fhead;p=thirdparty%2Fzstd.git

[ldm] Fix ZSTD_c_ldmHashRateLog bounds check

There is no minimum value check, so the parameter could be negative.
Switch to the standard pattern of using `BOUNDCHECK()`.

The bug was reported by Dan Carpenter and found by Smatch static
checker.

https://lore.kernel.org/all/20211008063704.GA5370@kili/
---

diff --git a/lib/compress/zstd_compress.c b/lib/compress/zstd_compress.c
index 9e2fb3193..edfd7eb07 100644
--- a/lib/compress/zstd_compress.c
+++ b/lib/compress/zstd_compress.c
@@ -866,8 +866,8 @@ size_t ZSTD_CCtxParams_setParameter(ZSTD_CCtx_params* CCtxParams,
         return CCtxParams->ldmParams.bucketSizeLog;
 
     case ZSTD_c_ldmHashRateLog :
-        RETURN_ERROR_IF(value > ZSTD_WINDOWLOG_MAX - ZSTD_HASHLOG_MIN,
-                        parameter_outOfBound, "Param out of bounds!");
+        if (value!=0)   /* 0 ==> default */
+            BOUNDCHECK(ZSTD_c_ldmHashRateLog, value);
         CCtxParams->ldmParams.hashRateLog = value;
         return CCtxParams->ldmParams.hashRateLog;