From b3b43f2893fa03da3b8004b449a7ec590f0e1e5b Mon Sep 17 00:00:00 2001
From: Nick Terrell
Date: Fri, 27 Jan 2023 11:14:56 -0800
Subject: [PATCH] Fix invalid assert in 32-bit decoding

The assert is only correct for valid sequences, so disable it for everything execpt round trip fuzzers.
---
 lib/decompress/zstd_decompress_block.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/decompress/zstd_decompress_block.c b/lib/decompress/zstd_decompress_block.c
index 95a5e109b..0d934043b 100644
--- a/lib/decompress/zstd_decompress_block.c
+++ b/lib/decompress/zstd_decompress_block.c
@@ -1241,7 +1241,13 @@ ZSTD_decodeSequence(seqState_t* seqState, const ZSTD_longOffset_e longOffsets)
 offset = ofBase + (BIT_readBitsFast(&seqState->DStream, ofBits - extraBits) << extraBits);
 BIT_reloadDStream(&seqState->DStream);
 if (extraBits) offset += BIT_readBitsFast(&seqState->DStream, extraBits);
+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) && defined(FUZZING_ASSERT_VALID_SEQUENCE)
+ /* This assert is only valid when decoding valid sequences.
+ * It cal fail when we consume more bits than are in the bitstream,
+ * which can happen on corruption.
+ */
 assert(extraBits <= LONG_OFFSETS_MAX_EXTRA_BITS_32); /* to avoid another reload */
+#endif
 } else {
 offset = ofBase + BIT_readBitsFast(&seqState->DStream, ofBits/*>0*/); /* <= (ZSTD_WINDOWLOG_MAX-1) bits */
 if (MEM_32bits()) BIT_reloadDStream(&seqState->DStream);
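Review bot: The comment added above the guarded `assert` explains why the check can fail on corrupt input, but not what keeps decoding safe in that case. The `offset` built just above from `BIT_readBitsFast(&seqState->DStream, extraBits)` is used whether or not `extraBits <= LONG_OFFSETS_MAX_EXTRA_BITS_32` holds. I would add one line naming the later check that rejects an over-consumed bitstream, which is not visible in this hunk, for example `* Continuing is safe: the over-read is detected later by <name of the bitstream-overflow check>.`, and correct `It cal fail` to `It can fail`. The guard also depends on `FUZZING_ASSERT_VALID_SEQUENCE`, which this patch never defines, so the comment should say which fuzzers (the commit message says round-trip ones) are expected to set it. `ZSTD_decodeSequence` starts and ends outside the hunk, so the derivation of `extraBits` and any downstream validation could not be checked here.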