Commit Graph

1899 Commits

Author SHA1 Message Date
Cyan4973
cd0663456f disable shortcut for LZ4_decompress_fast()
improving speed
2018-04-23 15:47:08 -07:00
Cyan4973
bd06fde104 fullbench compiled without assert()
to better reflect release speed
2018-04-23 15:42:27 -07:00
Yann Collet
57cc7daf22
Merge pull request #510 from terrelln/bug-fix
Fix input size validation edge cases
2018-04-23 15:28:19 -07:00
Nick Terrell
672799e814 Fix compilation error and assert. 2018-04-23 14:21:02 -07:00
Nick Terrell
bb83cad98f Fix input size validation edge cases
The bug is a read up to 2 bytes past the end of the buffer.
There are three cases for this bug, one for each test case added.

* An empty input causes `token = *ip++` to read one byte too far.
* A one byte input with `(token >> ML_BITS) == RUN_MASK` causes
  one extra byte to be read without validation. This could be
  combined with the first bug to cause 2 extra bytes to be read.
* The case pointed out in issue #508, where `ip == iend` at the
  beginning of the loop after taking the shortcut.

Benchmarks show no regressions on clang or gcc-7 on both my Mac
and devserver.

Fixes #508.
2018-04-23 13:34:18 -07:00
Yann Collet
996d211aca
Merge pull request #509 from svpv/clarifyFastRisks
lz4.h: clarify the risks of using LZ4_decompress_fast()
2018-04-22 19:30:24 -07:00
Alexey Tourbin
ab06ef97bb lz4.h: clarify the risks of using LZ4_decompress_fast()
The notes about "security guarantee" and "malicious inputs" seemed
a bit non-technical to me, so I took the liberty to tone them down
and instead describe the actual risks in technical terms.  Namely,
the function never writes past the end of the output buffer, so
a direct hostile takeover (resulting in arbitrary code execution
soon after the return from the function) is not possible.  However,
the application can crash because of reads from unmapped pages.

I also took the liberty to describe what I believe is the only sensible
usage scenario for the function: "This function is only usable if the
originalSize of uncompressed data is known in advance," etc.
2018-04-23 02:13:49 +03:00
Cyan4973
d1f21883d6 fixed incorrect comment 2018-04-21 00:11:51 -07:00
Yann Collet
a8a5dfd426 fixed clang performance in lz4_fast
The simple change from
`matchIndex+MAX_DISTANCE < current`
towards
`current - matchIndex > MAX_DISTANCE`

is enough to generate a 10% performance drop under clang.
Quite massive.
(I missed it as my eyes were concentrated on gcc performance at that time).

The second version is more robust, because it also survives a situation where
`matchIndex > current`
due to overflows.

The first version requires matchIndex to not overflow.
Hence were added `assert()` conditions.

The only case where this can happen is with dictCtx compression,
in the case where the dictionary context is not initialized before loading the dictionary.
So it's enough to always initialize the context while loading the dictionary.
2018-04-20 18:09:51 -07:00
W. Felix Handte
ee67f25576 Change vLimit Calculation 2018-04-20 20:18:30 -04:00
W. Felix Handte
1895fa19a4 Remove Redundant Static Assert 2018-04-20 20:14:12 -04:00
W. Felix Handte
fcc99d1f31 Simpler loadDict() Reset 2018-04-20 19:37:28 -04:00
W. Felix Handte
a8cb2feffd Tolerate Base Pointer Underflow 2018-04-20 19:37:07 -04:00
W. Felix Handte
85cac61dd8 Don't Segfault on Malloc Failure 2018-04-20 19:35:51 -04:00
W. Felix Handte
756ed402da Sign-Extend -1 to Pointer Width 2018-04-20 17:56:26 -04:00
W. Felix Handte
86b381e40b Fix Constant Value 2018-04-20 17:13:40 -04:00
W. Felix Handte
1d2500d44e Handle Index Underflows Safely 2018-04-20 17:13:03 -04:00
W. Felix Handte
7874cf06b3 Consts and Asserts and Other Minor Nits 2018-04-20 15:30:08 -04:00
W. Felix Handte
209c9c29d1 Add Some Simple Fuzzer Tests 2018-04-20 15:16:41 -04:00
W. Felix Handte
3f087cf1cb Add Comments on New Public APIs 2018-04-20 15:00:53 -04:00
W. Felix Handte
d7347f9eea Add API for Attaching Dictionaries 2018-04-20 14:59:34 -04:00
W. Felix Handte
ca833f928f Also Reset the Chain Table 2018-04-20 14:16:27 -04:00
W. Felix Handte
8f118cf6e9 Remove inputBuffer from Context, Work Around its Absence 2018-04-20 14:08:06 -04:00
W. Felix Handte
0064e8ebc7 Remove Commented Out Support for Match Continuation over Segment Boundary 2018-04-20 13:14:37 -04:00
W. Felix Handte
14c577d4c9 Fix Signedness of Comparison 2018-04-19 20:54:35 -04:00
W. Felix Handte
f4b13e17ea Don't Clear the Dictionary Context Until No Longer Useful 2018-04-19 20:54:35 -04:00
W. Felix Handte
0abc23f72e Copy DictCtx into Working Context on Inputs Larger than 4 KB 2018-04-19 20:54:35 -04:00
W. Felix Handte
b67de2a327 Force Inline on HashChain 2018-04-19 20:54:35 -04:00
W. Felix Handte
22e16d5b50 Split DictCtx-using Code Into Separate Inlining Chain 2018-04-19 20:54:35 -04:00
W. Felix Handte
0a2abacd90 Use Fast Reset in LZ4F Again 2018-04-19 20:54:35 -04:00
W. Felix Handte
61c7ceffed Use Fast Reset API in LZ4F 2018-04-19 20:54:35 -04:00
W. Felix Handte
3591fe8ab8 Add Fast Reset Paths 2018-04-19 20:54:35 -04:00
W. Felix Handte
8db291bc1d Remove Match Upper Bounds Check 2018-04-19 20:54:35 -04:00
W. Felix Handte
8f9a2db0e1 Fix Some Cast/Conversion Warnings 2018-04-19 20:54:35 -04:00
W. Felix Handte
221211d7d0 Fix Offset Math 2018-04-19 20:54:35 -04:00
W. Felix Handte
a1beba13f7 Reset Stream in LZ4_compress_HC 2018-04-19 20:54:35 -04:00
W. Felix Handte
bdd7af6f71 Don't Bother Clearing Chain Table for Working Contexts 2018-04-19 20:54:35 -04:00
W. Felix Handte
895e76cc20 Push Previous Compression Offsets into the Past 2018-04-19 20:54:35 -04:00
W. Felix Handte
22db704a73 Shift Dict Limit Checks out of the Loop 2018-04-19 20:54:35 -04:00
W. Felix Handte
4f7b7a8ffa Clear Tables on Dict Load 2018-04-19 20:54:35 -04:00
W. Felix Handte
b88a0b4e88 Only Perform Dict Lookup if Attempts Remain 2018-04-19 20:54:35 -04:00
W. Felix Handte
b6c35ed642 Avoid Resetting Chain Table 2018-04-19 20:54:35 -04:00
W. Felix Handte
595ea58289 Avoid Resetting Hash Table 2018-04-19 20:54:35 -04:00
W. Felix Handte
66d217e240 Perform Lookups into the Dictionary Context 2018-04-19 20:54:35 -04:00
W. Felix Handte
6289ff4fb1 Call LZ4F_applyCDict Even on NULL CDict 2018-04-19 20:54:35 -04:00
W. Felix Handte
fdeead0b09 Set dictCtx Rather than memcpy'ing Ctx 2018-04-19 20:54:35 -04:00
W. Felix Handte
a992d11fc2 Fully Bounds Check Hash Table Reads 2018-04-19 20:54:35 -04:00
W. Felix Handte
f895b9a6c6 Add a Dictionary Context Pointer to the HC Context 2018-04-19 20:54:35 -04:00
W. Felix Handte
e75153f508 Add Debug Log Statements to HC 2018-04-19 20:54:35 -04:00
W. Felix Handte
e0d8add791 Fix Framebench Output Buffer Sizing 2018-04-19 20:45:48 -04:00