diff options
author | Antoine Pitrou <antoine@python.org> | 2021-11-30 19:46:18 +0100 |
---|---|---|
committer | Antoine Pitrou <antoine@python.org> | 2021-11-30 19:46:18 +0100 |
commit | 64df9f28c8452500506af3361dd079e78f736ad5 (patch) | |
tree | b62e632c5c87ea76bdf94c801cfc652cb43023ab | |
parent | 65dc7b383985eb4f63cd3e752136db8d9b4be8c0 (diff) | |
download | snappy-git-64df9f28c8452500506af3361dd079e78f736ad5.tar.gz |
Fix UBSan error (ptr + offset overflow)
As `i + offset` is promoted to a "negative" size_t,
UBSan would complain when adding the resulting offset to `dst`:
```
/tmp/RtmptDX1SS/file584e37df4e/snappy_ep-prefix/src/snappy_ep/snappy.cc:343:43: runtime error: addition of unsigned offset to 0x6120003c5ec1 overflowed to 0x6120003c5ec0
#0 0x7f9ebd21769c in snappy::(anonymous namespace)::Copy64BytesWithPatternExtension(char*, unsigned long) /tmp/RtmptDX1SS/file584e37df4e/snappy_ep-prefix/src/snappy_ep/snappy.cc:343:43
#1 0x7f9ebd21769c in std::__1::pair<unsigned char const*, long> snappy::DecompressBranchless<char*>(unsigned char const*, unsigned char const*, long, char*, long) /tmp/RtmptDX1SS/file584e37df4e/snappy_ep-prefix/src/snappy_ep/snappy.cc:1160:15
```
-rw-r--r-- | snappy.cc | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -340,7 +340,7 @@ static inline bool Copy64BytesWithPatternExtension(char* dst, size_t offset) { if (SNAPPY_PREDICT_TRUE(offset < 16)) { if (SNAPPY_PREDICT_FALSE(offset == 0)) return false; // Extend the pattern to the first 16 bytes. - for (int i = 0; i < 16; i++) dst[i] = dst[i - offset]; + for (int i = 0; i < 16; i++) dst[i] = (dst - offset)[i]; // Find a multiple of pattern >= 16. static std::array<uint8_t, 16> pattern_sizes = []() { std::array<uint8_t, 16> res; |