From bdb5bcefff1c09592e2a85e38eac8e9c493ecef9 Mon Sep 17 00:00:00 2001
From: Yann Collet
Date: Wed, 2 Jul 2014 22:03:58 +0100
Subject: [PATCH] update to r119
---
 Makefile | 2 +-
 NEWS | 3 +++
 programs/Makefile | 2 +-
 programs/fuzzer.c | 13 ++++++++-----
 4 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
index b6343a7..c931d1e 100644
--- a/Makefile
+++ b/Makefile
@@ -31,7 +31,7 @@
 # ################################################################
 # Version numbers
-export RELEASE=rc119
+export RELEASE=r119
 LIBVER_MAJOR=1
 LIBVER_MINOR=2
 LIBVER_PATCH=0
diff --git a/NEWS b/NEWS
index 5e5dbe1..ff2cd53 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+r119:
+Fix : overflow address, 32-bits mode (issue 134)
+
 r118:
 New : LZ4 Streaming API (Fast version), special thanks to Takayuki Matsuoka
 New : datagen : parametrable synthetic data generator for tests
diff --git a/programs/Makefile b/programs/Makefile
index ff45903..a3e01a4 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -30,7 +30,7 @@
 # fullbench32: Same as fullbench, but forced to compile in 32-bits mode
 # ################################################################
-RELEASE=rc119
+RELEASE=r119
 DESTDIR=
 PREFIX=/usr
 CC:=$(CC)
diff --git a/programs/fuzzer.c b/programs/fuzzer.c
index d5ff318..b745be9 100644
--- a/programs/fuzzer.c
+++ b/programs/fuzzer.c
@@ -26,6 +26,9 @@
 Remove Visual warning messages
 **************************************/
 #define _CRT_SECURE_NO_WARNINGS // fgets
+#ifdef _MSC_VER /* Visual Studio */
+# pragma warning(disable : 4127) /* disable: C4127: conditional expression is constant */
+#endif
 /**************************************
@@ -232,7 +235,7 @@ int FUZ_Issue134()
 return 0;
 }
 {
- size_t sizeToGenerateOverflow = - ((size_t)buffers[nbBuff-1]) + 512;
+ size_t sizeToGenerateOverflow = (size_t)(- ((size_t)buffers[nbBuff-1]) + 512);
 size_t nbOf255 = (sizeToGenerateOverflow / 255) + 1;
 char* input = buffers[nbBuff-1];
 char* output = buffers[nbBuff];
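Review bot: In the `@@ -232,7 +235,7 @@` hunk of programs/fuzzer.c, the rewritten `sizeToGenerateOverflow` line carries the whole premise of the issue-134 test but has no comment explaining it. Negating a `size_t` is well-defined modular arithmetic, so the added outer `(size_t)` cast does not change the value and presumably only silences a compiler warning; what a reader needs is the intent. I would add above it `/* bytes from buffers[nbBuff-1] to the top of the address space, plus 512: a length that wraps the pointer when added to it */`. The `nbOf255` derived from it sizes the later writes into `input`, and no bound against that buffer's allocated size is visible here; FUZ_Issue134 starts and ends outside the hunk, so that check may exist elsewhere.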
@@ -243,13 +246,13 @@ int FUZ_Issue134()
 input[3] = 0xFF;
 for(i = 3; (size_t)i <= nbOf255+4; i++) input[i] = 0xff;
 r = LZ4_decompress_safe(input, output, nbOf255+64, BLOCKSIZE_I134);
- printf(" Literal overflow passed (return = %i < 0)\n",r);
+ printf(" Literal overflow detected (return = %i < 0)\n",r);
 input[0] = 0x1F; // Match length overflow
 input[1] = 0x01;
 input[2] = 0x01;
 input[3] = 0x00;
 r = LZ4_decompress_safe(input, output, nbOf255+64, BLOCKSIZE_I134);
- printf(" Match overflow passed (return = %i < 0)\n",r);
+ printf(" Match overflow detected (return = %i < 0)\n",r);
 if (nbBuff>=2)
 {
 output = buffers[nbBuff-2];
@@ -259,13 +262,13 @@ int FUZ_Issue134()
 input[2] = 0xFF;
 input[3] = 0xFF;
 r = LZ4_decompress_safe(input, output, nbOf255+64, BLOCKSIZE_I134);
- printf(" Literal overflow passed (return = %i < 0)\n",r);
+ printf(" Literal overflow detected (return = %i < 0)\n",r);
 input[0] = 0x1F; // Match length overflow
 input[1] = 0x01;
 input[2] = 0x01;
 input[3] = 0x00;
 r = LZ4_decompress_safe(input, output, nbOf255+64, BLOCKSIZE_I134);
- printf(" Match overflow passed (return = %i < 0)\n",r);
+ printf(" Match overflow detected (return = %i < 0)\n",r);
 }
 }
 free (buffers[nbBuff]); nbBuff--;
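Review bot: All four reworded `printf` calls, two in the `@@ -243,13 +246,13 @@` hunk and two in the `@@ -259,13 +262,13 @@` hunk, report "overflow detected (return = %i < 0)" without ever testing `r`, so this regression test for the issue-134 address overflow cannot fail. A decoder that accepted the crafted block would print the same "detected" line with a non-negative value and the run would still look green. Each call should be guarded, e.g. `if (r >= 0) { printf(" Literal overflow NOT detected (return = %i)\n", r); result = 1; }`, with the function returning that status after the buffers are freed. `result` is a placeholder name: FUZ_Issue134's declarations and return path lie outside these hunks, so how a failure should reach the caller needs confirming there.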