git.ipfire.org Git - thirdparty/zstd.git/commit

author	Nick Terrell <terrelln@fb.com>
	Fri, 7 Jan 2022 00:00:02 +0000 (16:00 -0800)
committer	Nick Terrell <terrelln@fb.com>
	Fri, 7 Jan 2022 00:10:18 +0000 (16:10 -0800)
commit	4d8a2132d0e453232a46dd448e5137035ba25bee
tree	03e1a3c5fe59c8434eb367265b5071a80e303394	tree
parent	26d88c05f089cc1f562ace949272c8919c93153f	commit \| diff

[opt] Fix oss-fuzz bug in optimal parser

oss-fuzz uncovered a scenario where we're evaluating the cost of litLength = 131072,
which can't be represented in the zstd format, so we accessed 1 beyond LL_bits.

Fix the issue by making it cost 1 bit more than litLength = 131071.

There are still follow ups:
1. This happened because literals_cost[0] = 0, so the optimal parser chose 36 literals
   over a match. Should we bound literals_cost[literal] > 0, unless the block truly only
   has one literal value?
2. When no matches are found, the cost model isn't updated. In this case no matches were
   found for an entire block. So the literals cost model wasn't updated at all. That made
   the optimal parser think literals_cost[0] = 0, where it is actually quite high, since
   the block was entirely random noise.

Credit to OSS-Fuzz.