From 5bd35e6636c026c082e2228e4fa17b80aae4b967 Mon Sep 17 00:00:00 2001 From: dogsheng <960055655@qq.com> Date: Wed, 25 Dec 2019 15:57:50 +0800 Subject: [PATCH] Package init --- ...ion-Bug-when-Streaming-with-an-Attac.patch | 38 +++++++++++++++++++ lz4.spec | 10 +++-- 2 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch diff --git a/Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch b/Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch new file mode 100644 index 0000000..4fdad84 --- /dev/null +++ b/Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch @@ -0,0 +1,38 @@ +From 2c67902d594f7ae37b68cef1692b823b4b497e92 Mon Sep 17 00:00:00 2001 +From: "W. Felix Handte" +Date: Thu, 18 Jul 2019 12:41:12 -0400 +Subject: [PATCH 3/3] Fix Data Corruption Bug when Streaming with an Attached + Dict in HC Mode + +This diff fixes an issue in which we failed to clear the `dictCtx` in HC +compression. The `dictCtx` is not supposed to be used when an `extDict` is +present: matches found in the `dictCtx` do not account for the presence of an +`extDict` segment, and their offsets are therefore miscalculated when one is +present. This can lead to data corruption. + +This diff clears the `dictCtx` whenever setting an `extDict`. + +This issue was uncovered by @terrelln's fuzzing work. +--- + lib/lz4hc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/lib/lz4hc.c b/lib/lz4hc.c +index b62e085..98813a6 100644 +--- a/lib/lz4hc.c ++++ b/lib/lz4hc.c +@@ -940,6 +940,11 @@ static void LZ4HC_setExternalDict(LZ4HC_CCtx_internal* ctxPtr, const BYTE* newBl + if (ctxPtr->end >= ctxPtr->base + ctxPtr->dictLimit + 4) + LZ4HC_Insert (ctxPtr, ctxPtr->end-3); /* Referencing remaining dictionary content */ + ++ /* cannot reference an extDict and a dictCtx at the same time */ ++ if (ctxPtr->dictCtx != NULL) { ++ ctxPtr->dictCtx = NULL; ++ } ++ + /* Only one memory segment for extDict, so any previous extDict is lost at this stage */ + ctxPtr->lowLimit = ctxPtr->dictLimit; + ctxPtr->dictLimit = (U32)(ctxPtr->end - ctxPtr->base); +-- +1.8.3.1 + diff --git a/lz4.spec b/lz4.spec index c2dbbb3..0252415 100644 --- a/lz4.spec +++ b/lz4.spec @@ -1,17 +1,18 @@ Name: lz4 Version: 1.9.2 -Release: 1 +Release: 2 Summary: Extremely fast compression algorithm License: GPLv2+ and BSD URL: https://lz4.github.io/lz4/ Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz +Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch Provides: %{name}-libs = %{version}-%{release} Obsoletes: %{name} < 1.7.5-3 Obsoletes: %{name}-libs -BuildRequires: gcc +BuildRequires: gcc git %description LZ4 is lossless compression algorithm, providing compression speed > 500 MB/s per @@ -32,7 +33,7 @@ applications using liblz4 library. %package_help %prep -%autosetup +%autosetup -n %{name}-%{version} -p1 -Sgit cp %{_builddir}/%{name}-%{version}/lib/LICENSE %{_builddir}/%{name}-%{version}/LICENSE-lib %build @@ -67,5 +68,8 @@ export MOREFLAGS="-g" %{_mandir}/man1/unlz4.1* %changelog +* Mon Dec 23 2019 openEuler Buildteam - 1.9.2-2 +- fix abort in oss-fuzz round_trip_stream_fuzzer.c + * Tue Aug 27 2019 openEuler Buildteam - 1.9.2-1 - Package init