CC=$(CC) $(MAKE) -C $(PRGDIR) all CFLAGS="$(CFLAGS)"
CC=$(CC) $(MAKE) -C $(TESTDIR) all CFLAGS="$(CFLAGS)"
+cxx17build : CC = "$(CXX) -Wno-deprecated"
+cxx17build : CFLAGS = -std=c++17 -Wall -Wextra -Wundef -Wshadow -Wcast-align -Werror
+cxx17build : clean
+ $(CXX) -v
+ CC=$(CC) $(MAKE) -C $(LZ4DIR) all CFLAGS="$(CFLAGS)"
+ CC=$(CC) $(MAKE) -C $(PRGDIR) all CFLAGS="$(CFLAGS)"
+ CC=$(CC) $(MAKE) -C $(TESTDIR) all CFLAGS="$(CFLAGS)"
+
ctocpptest: LIBCC="$(CC)"
ctocpptest: TESTCC="$(CXX)"
ctocpptest: CFLAGS=""
</p></pre><BR>
-<pre><b>LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe() instead") LZ4LIB_API
-int LZ4_decompress_fast (const char* src, char* dst, int originalSize);
-LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_continue() instead") LZ4LIB_API
-int LZ4_decompress_fast_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* src, char* dst, int originalSize);
-LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_usingDict() instead") LZ4LIB_API
-int LZ4_decompress_fast_usingDict (const char* src, char* dst, int originalSize, const char* dictStart, int dictSize);
-</b><p> These functions used to be a bit faster than LZ4_decompress_safe(),
- but situation has changed in recent versions.
- Now, `LZ4_decompress_safe()` is as fast and sometimes even faster than `LZ4_decompress_fast()`.
- Moreover, LZ4_decompress_safe() is protected vs malformed input, while `LZ4_decompress_fast()` is not, making it a security liability.
+<pre><b></b><p> These functions used to be faster than LZ4_decompress_safe(),
+ but it has changed, and they are now slower than LZ4_decompress_safe().
+ This is because LZ4_decompress_fast() doesn't know the input size,
+ and therefore must progress more cautiously in the input buffer to not read beyond the end of block.
+ On top of that `LZ4_decompress_fast()` is not protected vs malformed or malicious inputs, making it a security liability.
As a consequence, LZ4_decompress_fast() is strongly discouraged, and deprecated.
- Last LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size.
- Note that even that functionality could be achieved in a more secure manner if need be,
- though it would require new prototypes, and adaptation of the implementation to this new use case.
+ The last remaining LZ4_decompress_fast() specificity is that
+ it can decompress a block without knowing its compressed size.
+ Such functionality could be achieved in a more secure manner,
+ by also providing the maximum size of input buffer,
+ but it would require new prototypes, and adaptation of the implementation to this new use case.
Parameters:
originalSize : is the uncompressed size to regenerate.
The function expects to finish at block's end exactly.
If the source stream is detected malformed, the function stops decoding and returns a negative result.
note : LZ4_decompress_fast*() requires originalSize. Thanks to this information, it never writes past the output buffer.
- However, since it doesn't know its 'src' size, it may read an unknown amount of input, and overflow input buffer.
- Also, since match offsets are not validated, match reads from 'src' may underflow.
- These issues never happen if input data is correct.
+ However, since it doesn't know its 'src' size, it may read an unknown amount of input, past input buffer bounds.
+ Also, since match offsets are not validated, match reads from 'src' may underflow too.
+ These issues never happen if input (compressed) data is correct.
But they may happen if input data is invalid (error or intentional tampering).
As a consequence, use these functions in trusted environments with trusted data **only**.
* On top of that `LZ4_decompress_fast()` is not protected vs malformed or malicious inputs, making it a security liability.
* As a consequence, LZ4_decompress_fast() is strongly discouraged, and deprecated.
*
- * Only LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size.
- * Even that functionality could be achieved in a more secure manner if need be,
- * though it would require new prototypes, and adaptation of the implementation to this new use case.
+ * The last remaining LZ4_decompress_fast() specificity is that
+ * it can decompress a block without knowing its compressed size.
+ * Such functionality could be achieved in a more secure manner,
+ * by also providing the maximum size of input buffer,
+ * but it would require new prototypes, and adaptation of the implementation to this new use case.
*
* Parameters:
* originalSize : is the uncompressed size to regenerate.
} }
} /* for (cur = 1; cur <= last_match_pos; cur++) */
+ assert(last_match_pos < LZ4_OPT_NUM + TRAILING_LITERALS);
best_mlen = opt[last_match_pos].mlen;
best_off = opt[last_match_pos].off;
cur = last_match_pos - best_mlen;
for (blockSizeID = 4; blockSizeID < 8; ++blockSizeID) {
result = LZ4F_getBlockSize(blockSizeID);
CHECK(result);
- DISPLAYLEVEL(3, "Returned block size of %zu bytes for blockID %u \n",
- result, blockSizeID);
+ DISPLAYLEVEL(3, "Returned block size of %u bytes for blockID %u \n",
+ (unsigned)result, blockSizeID);
}
/* Test an invalid input that's too large */
const BYTE* b2=(const BYTE*)buff2;
DISPLAY("locateBuffDiff: looking for error position \n");
if (nonContiguous) {
- DISPLAY("mode %u: non-contiguous output (%zu bytes), cannot search \n", nonContiguous, size);
+ DISPLAY("mode %u: non-contiguous output (%u bytes), cannot search \n",
+ nonContiguous, (unsigned)size);
return;
}
while (p < size && b1[p]==b2[p]) p++;
static void local_LZ4_resetDictT(void)
{
void* const r = LZ4_initStream(&LZ4_stream, sizeof(LZ4_stream));
- assert(r != NULL);
+ assert(r != NULL); (void)r;
}
static void local_LZ4_createStream(void)
{
void* const r = LZ4_initStream(&LZ4_stream, sizeof(LZ4_stream));
- assert(r != NULL);
+ assert(r != NULL); (void)r;
}
static int local_LZ4_saveDict(const char* in, char* out, int inSize)
/* Test decompress_fast() with input buffer size exactly correct => must not read out of bound */
{ char* const cBuffer_exact = (char*)malloc((size_t)compressedSize);
assert(cBuffer_exact != NULL);
+ assert(compressedSize <= compressedBufferSize);
memcpy(cBuffer_exact, compressedBuffer, compressedSize);
/* Test decoding with output size exactly correct => must work */
int iNext = 0;
int dNext = 0;
int compressedSize;
- size_t const testVerifySize = testInputSize;
- assert((size_t)dBufferSize * 2 + 1 < testVerifySize); /* space used by ringBufferSafe and ringBufferFast */
+ assert((size_t)dBufferSize * 2 + 1 < testInputSize); /* space used by ringBufferSafe and ringBufferFast */
XXH64_reset(&xxhOrig, 0);
XXH64_reset(&xxhNewSafe, 0);
XXH64_reset(&xxhNewFast, 0);
projects / platform / upstream / lz4.git / commitdiff