git.ipfire.org Git - thirdparty/zstd.git/commit

author	Yann Collet <cyan@fb.com>
	Sun, 30 Jan 2022 00:23:21 +0000 (16:23 -0800)
committer	Yann Collet <cyan@fb.com>
	Sun, 30 Jan 2022 00:36:20 +0000 (16:36 -0800)
commit	637b2d7a24faf32b3cd465b6d46d890ed1e8ff6d
tree	158c62c6be6f3d5631f7c07e22cb11dcd9a8df04	tree
parent	c9072dd60a7824f6a8185d30661ccab81bb4d60b	commit \| diff

fixed bug 44168

discovered by oss-fuzz

It's a bug in the test itself :
ZSTD_compressBound() as an upper bound of the compress size
only works for data compressed "normally".
But in situations where many flushes are forcefully introduced,
this creates many more blocks,
each of which has a potential to increase the size by 3 bytes.
In extreme cases (lots of small incompressible blocks), the expansion can go beyond ZSTD_compressBound().

This situation is similar when using the CompressSequences() API
with Explicit Block Delimiters.
In which case, each explicit block acts like a deliberate flush.
When employed by a fuzzer, it's possible to generate scenarios like the one described above,
with tons of incompressible blocks of small sizes,
thus going beyond ZSTD_compressBound().

fix : when using Explicit Block Delimiters, use a larger bound, to account for this scenario.

lib/common/zstd_internal.h		diff \| blob \| blame \| history
lib/compress/zstd_compress.c		diff \| blob \| blame \| history
tests/fuzz/sequence_compression_api.c		diff \| blob \| blame \| history