xiaoyin0208 / lz4

Automatically exported from code.google.com/p/lz4

Accessing memory beyond the end of the input buffer #2

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
1. Run the stress test (Windows) http://directnet-drive.net/lz4_test.cpp
2. Program crashes
3. #define LZ4_WORKAROUND to work around the bug

lz4 latest svn source, compiled using VS2010, run on Windows 7

lz crashes on the line
for(;length>0;length-=4) { *(U32*)op = *(U32*)anchor; op+=4; anchor+=4; }
It tries to access 4 bytes at anchor address but it points to the end of the input stream minus 1/2/3 bytes.

Original issue reported on code.google.com by fmot.f...@gmail.com on 14 Sep 2011 at 12:04
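
Added example, not part of the original report or the lz4 source: it computes how far the 4-byte-stride loop quoted above reads past the input when a literal run ends at the end of the buffer, and shows a bounded copy for comparison. The names `wild_copy_overread` and `copy_literals_bounded` and the sample input are assumptions made for illustration, and the bounded copy is not claimed to be the change made in r20.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bytes the reported loop would read past the end of the input for a
   literal run of `length` bytes starting at offset `anchor` in an input
   of `input_size` bytes. The read is computed here, never performed. */
size_t wild_copy_overread(size_t anchor, size_t length, size_t input_size)
{
    size_t touched = (length + 3) / 4 * 4;  /* loop always moves whole U32s */
    size_t last = anchor + touched;         /* one past the last byte read */
    return last > input_size ? last - input_size : 0;
}

/* Bounded variant (hypothetical helper): 4-byte steps only while 4 bytes
   of the run remain, then a byte-wise tail. Returns 0 on success, or -1
   if the run does not fit in the source or the destination. */
int copy_literals_bounded(uint8_t *op, size_t op_room,
                          const uint8_t *anchor, size_t src_room,
                          size_t length)
{
    size_t i = 0;
    if (length > src_room || length > op_room)
        return -1;
    for (; length - i >= 4; i += 4)
        memcpy(op + i, anchor + i, 4);      /* alignment-safe 4-byte move */
    for (; i < length; i++)
        op[i] = anchor[i];                  /* 1 to 3 trailing bytes */
    return 0;
}

int main(void)
{
    static const uint8_t input[] = "ABCDEFGHIJK";  /* constructed sample */
    uint8_t out[16] = {0};
    size_t n = sizeof input - 1;                   /* 11 bytes, no NUL */

    /* A 5-byte literal run that ends exactly at the end of the input:
       the reported loop runs twice and reads 8 bytes, 3 of them past
       the end. */
    size_t over = wild_copy_overread(n - 5, 5, n);
    int rc = copy_literals_bounded(out, sizeof out, input + n - 5, 5, 5);
    return (over == 3 && rc == 0 && memcmp(out, "GHIJK", 5) == 0) ? 0 : 1;
}
```

Whether the over-read crashes depends on what follows the input in memory, which is why a stress test that places the buffer at the end of a mapped region exposes it.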

GoogleCodeExporter commented 8 years ago
Thanks for pointing that out. I'll look into it.

Original comment by yann.col...@gmail.com on 15 Sep 2011 at 4:00

GoogleCodeExporter commented 8 years ago
I'll handle this one.

Original comment by yann.col...@gmail.com on 15 Sep 2011 at 4:01

GoogleCodeExporter commented 8 years ago
Great! 8)

Original comment by fmot.f...@gmail.com on 15 Sep 2011 at 4:18

GoogleCodeExporter commented 8 years ago
Issue is corrected in r20.
Thanks for the detailed bug report, which allowed a quick solving of the issue.

Original comment by yann.col...@gmail.com on 15 Sep 2011 at 7:23