Comments (3)
Cyan4973
commented on May 17, 2024
This is invalid.
If the code reaches that part, it means data is corrupted, because it's trying to generate an offset = 0.
This is considered a potential attack vector, that's why the offset is converted into a 1: it ensures that the underlying memory content of the destination buffer is overwritten, hence it prevents scenario where such content could be accessed afterwards.
Detecting this issue is good ground to generate an error.
Problem is, inserting an error detection signal at this place in the code results (or at least used to result) in substantial performance drawbacks, because it's an extremely hot section of the decoding loop.
Therefore, we rather rely on the checksum to tell us so (assuming the issue is accidental, following a transmission or storage error).
from zstd.
terrelln
commented on May 17, 2024
This is one of the cases where we don't guarantee that we reject all possible invalid frames. Since we guarantee safety on invalid frames, we must not actually copy from offset 0. In this case we decide to copy from offset 1. So given this invalid frame, for performance reasons, we decide to ignore the corruption.
Other implementations are allowed to reject this frame.
from zstd.
Cyan4973
commented on May 17, 2024
spec updated
from zstd.
Related Issues (20)
- Increase minimum C standard from C89/C90 to C11 HOT 3
- New zstd 1.5.5 version is two times slower in compression speed than older 1.4.5 version HOT 12
- ZSTD with T option does not scale on multicore CPUs HOT 7
- Question about FSE Huffman literal part
- C++ Builder and mem.h ambiguity HOT 7
- Reducing DCtx Size for Embedded Systems (like esp32) HOT 2
- Automatic code formatting? HOT 1
- No `uncompressed` and `ratio` information in `zstd --list` output if the zstd file is created via pipe HOT 3
- lz4 "legacy" format support HOT 1
- Add common file types that are compressed to ' --exclude-compressed' HOT 3
- windows
- compressing files containing multiple similar portions HOT 5
- Using ZSTD_compressBound for Streaming Input HOT 4
- head file not found HOT 1
- ZSTD-1.5.2 compress Segmentation fault HOT 4
- Support history buffers in zstd hardware acceleration HOT 3
- RFC: Code for integration zstd into node.js
- seekable_format/examples/parallel_compression.c is not parallel
- use decompress
- soft link
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zstd.