From 7c32101c655d93b61fc212dcd512b87119dd7333 Mon Sep 17 00:00:00 2001 From: Nick Terrell Date: Thu, 18 Jul 2019 12:20:29 -0700 Subject: [PATCH] [LZ4_compress_destSize] Fix off-by-one error in fix The next match is looking at the current ip, not the next ip, so it needs to be cleared as well. Credit to OSS-Fuzz --- lib/lz4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/lz4.c b/lib/lz4.c index 74a9247..70424b9 100644 --- a/lib/lz4.c +++ b/lib/lz4.c @@ -1042,7 +1042,7 @@ _next_match: */ const BYTE* ptr; DEBUGLOG(5, "Clearing %u positions", (U32)(filledIp - ip)); - for (ptr = ip + 1; ptr <= filledIp; ++ptr) { + for (ptr = ip; ptr <= filledIp; ++ptr) { U32 const h = LZ4_hashPosition(ptr, tableType); LZ4_clearHash(h, cctx->hashTable, tableType); }