From f181799082c65a7f532dbcccb027dd7618f551d4 Mon Sep 17 00:00:00 2001
From: Yann Collet <cyan@fb.com>
Date: Sat, 20 Oct 2018 18:53:02 -0700
Subject: [PATCH] fix decodecorpus incorrect frame generation

fix #1379
decodecorpus was generating one extraneous byte when `nbSeq==0`.
This is disallowed by the specification.

The reference decoder was just skipping the extraneous byte.
It is now stricter, and flag such situation as an error.
---
 lib/decompress/zstd_decompress.c |   8 ++++++--
 programs/windres/zstd32.res      | Bin 1044 -> 1044 bytes
 programs/windres/zstd64.res      | Bin 1044 -> 1044 bytes
 tests/decodecorpus.c             |   7 +++----
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/decompress/zstd_decompress.c b/lib/decompress/zstd_decompress.c
index 711b5b6d7..4a4930f07 100644
--- a/lib/decompress/zstd_decompress.c
+++ b/lib/decompress/zstd_decompress.c
@@ -975,7 +975,7 @@ static const U32 ML_base[MaxML+1] = {
                     67, 83, 99, 0x83, 0x103, 0x203, 0x403, 0x803,
                     0x1003, 0x2003, 0x4003, 0x8003, 0x10003 };
 
-/* Hidden delcaration for fullbench */
+/* Function required by fullbench; Hidden declaration to respect -Wmissing-prototypes */
 size_t ZSTD_decodeSeqHeaders(ZSTD_DCtx* dctx, int* nbSeqPtr,
                              const void* src, size_t srcSize);
 
@@ -993,7 +993,11 @@ size_t ZSTD_decodeSeqHeaders(ZSTD_DCtx* dctx, int* nbSeqPtr,
 
     /* SeqHead */
     nbSeq = *ip++;
-    if (!nbSeq) { *nbSeqPtr=0; return 1; }
+    if (!nbSeq) {
+        *nbSeqPtr=0;
+        if (srcSize != 1) return ERROR(srcSize_wrong);
+        return 1;
+    }
     if (nbSeq > 0x7F) {
         if (nbSeq == 0xFF) {
             if (ip+2 > iend) return ERROR(srcSize_wrong);
diff --git a/programs/windres/zstd32.res b/programs/windres/zstd32.res
index 276cb20b7871cc800fb8f6f7b792520c5e6e7957..2c2b9b01e53c7bbb4fa4e845fb51edd30b84475e 100644
GIT binary patch
delta 33
nc-ou7F@<BoDNc3<W(GzE1_t(xmvb2z%{MzTr30zSE19zag<c34

delta 33
nc-ou7F@<BoDNZ&9W(GzE1_ri`mvb2z%{DtSr30zSE19zag&_zO

diff --git a/programs/windres/zstd64.res b/programs/windres/zstd64.res
index 3eb0162f01a76591ac25bd5049ebc06d1cd510aa..4a37157eabe4a269b57bbc774f867eb3eecfea10 100644
GIT binary patch
delta 33
nc-ou7F@<BoDNc3<W(GzE1_t(xmvb2z%{MzTr30zSE19zag<c34

delta 33
nc-ou7F@<BoDNZ&9W(GzE1_ri`mvb2z%{DtSr30zSE19zag&_zO

diff --git a/tests/decodecorpus.c b/tests/decodecorpus.c
index 2c2276004..4c5542e31 100644
--- a/tests/decodecorpus.c
+++ b/tests/decodecorpus.c
@@ -823,15 +823,14 @@ static size_t writeSequences(U32* seed, frame_t* frame, seqStore_t* seqStorePtr,
     else if (nbSeq < LONGNBSEQ) op[0] = (BYTE)((nbSeq>>8) + 0x80), op[1] = (BYTE)nbSeq, op+=2;
     else op[0]=0xFF, MEM_writeLE16(op+1, (U16)(nbSeq - LONGNBSEQ)), op+=3;
 
-    /* seqHead : flags for FSE encoding type */
-    seqHead = op++;
-
     if (nbSeq==0) {
         frame->data = op;
-
         return 0;
     }
 
+    /* seqHead : flags for FSE encoding type */
+    seqHead = op++;
+
     /* convert length/distances into codes */
     ZSTD_seqToCodes(seqStorePtr);
 
-- 
2.47.2