sharpetronics/zstd
1
0
Fork 0
mirror of https://github.com/facebook/zstd.git synced 2025-10-09 00:05:28 -04:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4129 from facebook/mitigate_32bit

Browse Source 
Limit range of operations on Indexes in 32-bit mode
This commit is contained in:
Yann Collet 2024-08-22 11:00:50 -07:00 committed by GitHub
commit 20707e3718
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/compress/zstd_compress_internal.h
View File

@ -918,11 +918,12 @@ MEM_STATIC U64 ZSTD_rollingHash_rotate(U64 hash, BYTE toRemove, BYTE toAdd, U64
/*-************************************* /*-*************************************
* Round buffer management * Round buffer management
***************************************/ ***************************************/
#if (ZSTD_WINDOWLOG_MAX_64 > 31) /* Max @current value allowed:
# error "ZSTD_WINDOWLOG_MAX is too large : would overflow ZSTD_CURRENT_MAX" * In 32-bit mode: we want to avoid crossing the 2 GB limit,
#endif * reducing risks of side effects in case of signed operations on indexes.
/* Max current allowed */ * In 64-bit mode: we want to ensure that adding the maximum job size (512 MB)
#define ZSTD_CURRENT_MAX ((3U << 29) + (1U << ZSTD_WINDOWLOG_MAX)) * doesn't overflow U32 index capacity (4 GB) */
#define ZSTD_CURRENT_MAX (MEM_64bits() ? 3500U MB : 2000U MB)
/* Maximum chunk size before overflow correction needs to be called again */ /* Maximum chunk size before overflow correction needs to be called again */
#define ZSTD_CHUNKSIZE_MAX \ #define ZSTD_CHUNKSIZE_MAX \
( ((U32)-1) /* Maximum ending current index */ \ ( ((U32)-1) /* Maximum ending current index */ \
@ -1274,8 +1275,9 @@ U32 ZSTD_window_update(ZSTD_window_t* window,
/* if input and dictionary overlap : reduce dictionary (area presumed modified by input) */ /* if input and dictionary overlap : reduce dictionary (area presumed modified by input) */
if ( (ip+srcSize > window->dictBase + window->lowLimit) if ( (ip+srcSize > window->dictBase + window->lowLimit)
& (ip < window->dictBase + window->dictLimit)) { & (ip < window->dictBase + window->dictLimit)) {
ptrdiff_t const highInputIdx = (ip + srcSize) - window->dictBase; size_t const highInputIdx = (size_t)((ip + srcSize) - window->dictBase);
U32 const lowLimitMax = (highInputIdx > (ptrdiff_t)window->dictLimit) ? window->dictLimit : (U32)highInputIdx; U32 const lowLimitMax = (highInputIdx > (size_t)window->dictLimit) ? window->dictLimit : (U32)highInputIdx;
assert(highInputIdx < UINT_MAX);
window->lowLimit = lowLimitMax; window->lowLimit = lowLimitMax;
DEBUGLOG(5, "Overlapping extDict and input : new lowLimit = %u", window->lowLimit); DEBUGLOG(5, "Overlapping extDict and input : new lowLimit = %u", window->lowLimit);
} }