From d52302e9cb04a26c03219da3be74ed68d37cf5d3 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 25 Aug 2008 01:40:31 +0000 Subject: *** empty log message *** --- Changes | 8 ++++++-- lzf.h | 15 ++++++++------- lzf_c.c | 43 +++++++++++++++++++++++-------------------- 3 files changed, 37 insertions(+), 29 deletions(-) diff --git a/Changes b/Changes index 37d2d32..ef1f609 100644 --- a/Changes +++ b/Changes @@ -1,5 +1,9 @@ +3.3 Mon Aug 25 03:17:42 CEST 2008 + - lzf_compress could access memory after the given input buffer + when outputting back references. reported with nice testcase + by Clément Calmels. -3.2 +3.2 Fri May 9 18:52:23 CEST 2008 - include a workaround for failing POSIX and real-world compliance on 64 bit windows (microsoft claims to support POSIX, but is far from it). (bug found and analysed nicely by John Lilley). @@ -55,7 +59,7 @@ 1.51 Thu Apr 14 22:15:46 CEST 2005 - incorporated C♯ implementation of both the en- and decoder, - written by "Oren J. Maurice ". + written by "Oren J. Maurice". You can find it in the cs/ subdirectory. - make FRST, NEXT IDX overridable if lzf_c.c is directly included in the code. diff --git a/lzf.h b/lzf.h index 1b6da21..919b6e6 100644 --- a/lzf.h +++ b/lzf.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2007 Marc Alexander Lehmann + * Copyright (c) 2000-2008 Marc Alexander Lehmann * * Redistribution and use in source and binary forms, with or without modifica- * tion, are permitted provided that the following conditions are met: @@ -46,18 +46,19 @@ ** ***********************************************************************/ -#define LZF_VERSION 0x0105 /* 1.5 */ +#define LZF_VERSION 0x0105 /* 1.5, API version */ /* * Compress in_len bytes stored at the memory block starting at * in_data and write the result to out_data, up to a maximum length * of out_len bytes. * - * If the output buffer is not large enough or any error occurs - * return 0, otherwise return the number of bytes used (which might - * be considerably larger than in_len, so it makes sense to always - * use out_len == in_len - 1), to ensure _some_ compression, and store - * the data uncompressed otherwise. + * If the output buffer is not large enough or any error occurs return 0, + * otherwise return the number of bytes used, which might be considerably + * more than in_len (but less than 104% of the original size), so it + * makes sense to always use out_len == in_len - 1), to ensure _some_ + * compression, and store the data uncompressed otherwise (with a flag, of + * course. * * lzf_compress might use different algorithms on different systems and * even different runs, thus might result in different compressed strings diff --git a/lzf_c.c b/lzf_c.c index c1847f3..848aa22 100644 --- a/lzf_c.c +++ b/lzf_c.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2007 Marc Alexander Lehmann + * Copyright (c) 2000-2008 Marc Alexander Lehmann * * Redistribution and use in source and binary forms, with or without modifica- * tion, are permitted provided that the following conditions are met: @@ -208,7 +208,7 @@ lzf_compress (const void *const in_data, unsigned int in_len, break; } - len -= 2; + len -= 2; /* len is now #octets - 1 */ ip++; if (len < 7) @@ -223,31 +223,34 @@ lzf_compress (const void *const in_data, unsigned int in_len, *op++ = off; + if (expect_true (ip + len < in_end - 2)) + { #if ULTRA_FAST || VERY_FAST - ip += len; -#if VERY_FAST && !ULTRA_FAST - --ip; -#endif - hval = FRST (ip); + ip += len; +# if VERY_FAST && !ULTRA_FAST + --ip; +# endif + hval = FRST (ip); - hval = NEXT (hval, ip); - htab[IDX (hval)] = ip; - ip++; + hval = NEXT (hval, ip); + htab[IDX (hval)] = ip; + ip++; -#if VERY_FAST && !ULTRA_FAST - hval = NEXT (hval, ip); - htab[IDX (hval)] = ip; - ip++; -#endif -#else - do - { +# if VERY_FAST && !ULTRA_FAST hval = NEXT (hval, ip); htab[IDX (hval)] = ip; ip++; - } - while (len--); +# endif +#else + do + { + hval = NEXT (hval, ip); + htab[IDX (hval)] = ip; + ip++; + } + while (len--); #endif + } lit = 0; op++; /* start run */ } -- cgit v1.2.3