Merge pull request #509 from svpv/clarifyFastRisks

lz4.h: clarify the risks of using LZ4_decompress_fast()
Yann Collet 2018-04-22 19:30:24 -07:00 committed by GitHub
commit 996d211aca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -206,15 +206,17 @@ LZ4LIB_API int LZ4_compress_destSize (const char* src, char* dst, int* srcSizePt
/*! /*!
LZ4_decompress_fast() : **unsafe!** LZ4_decompress_fast() : **unsafe!**
This function is a bit faster than LZ4_decompress_safe(), This function is a bit faster than LZ4_decompress_safe(),
but doesn't provide any security guarantee. but it may misbehave on malformed input because it doesn't perform full validation of compressed data.
originalSize : is the uncompressed size to regenerate originalSize : is the uncompressed size to regenerate
Destination buffer must be already allocated, and its size must be >= 'originalSize' bytes. Destination buffer must be already allocated, and its size must be >= 'originalSize' bytes.
return : number of bytes read from source buffer (== compressed size). return : number of bytes read from source buffer (== compressed size).
If the source stream is detected malformed, the function stops decoding and return a negative result. If the source stream is detected malformed, the function stops decoding and return a negative result.
note : This function respects memory boundaries for *properly formed* compressed data. note : This function is only usable if the originalSize of uncompressed data is known in advance.
However, it does not provide any protection against malicious input. The caller should also check that all the compressed input has been consumed properly,
It also doesn't know 'src' size, and implies it's >= compressed size. i.e. that the return value matches the size of the buffer with compressed input.
Use this function in trusted environment **only**. The function never writes past the output buffer. However, since it doesn't know its 'src' size,
it may read past the intended input. Also, because match offsets are not validated during decoding,
reads from 'src' may underflow. Use this function in trusted environment **only**.
*/ */
LZ4LIB_API int LZ4_decompress_fast (const char* src, char* dst, int originalSize); LZ4LIB_API int LZ4_decompress_fast (const char* src, char* dst, int originalSize);
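Review bot: the unchanged line "If the source stream is detected malformed, the function stops decoding and return a negative result." now sits directly under the new text saying the function "doesn't perform full validation of compressed data", and a reader can take it as a promise that malformed input is reliably caught; consider qualifying it ("If a malformation is detected, ...") and fixing the grammar ("returns a negative result"). The new guidance that the caller should check that the return value matches the size of the compressed input is the right mitigation for the "may read past the intended input" case and deserves to be stated as a requirement rather than "should also check", e.g. "Callers must verify that the return value equals the compressed input size; otherwise treat the output as invalid." Since the comment now spells out over-reads and offset underflow on 'src', it would also help to point readers at LZ4_decompress_safe() as the function to use whenever the input is not fully trusted, so the "trusted environment **only**" sentence (minor: "in a trusted environment") has an explicit alternative next to it.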