Skip to content

zstd: Fix back-referenced offset #793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 26, 2023
Merged

zstd: Fix back-referenced offset #793

merged 1 commit into from
Mar 26, 2023

Conversation

@klauspost
Copy link
Owner

Since we expand backwards early, we may be in a situation where best.s+2 has already been indexed.

This will result in picking up a 0 or negative offset, which leads to corrupted data.

Skip this check if best.s is less than or equal to s-2.

Regression from #784 (not released)
@klauspost
zstd: Fix back-referenced offset
9c47e78 
Since we expand backwards early, we may be in a situation where best.s+2 has already been indexed.

This will result in picking up a 0 or negative offset, which leads to corrupted data.

Skip this check if best.s is less than or equal to s-2.

Regression from #784 (not released)
@klauspost klauspost merged commit 2a02ad2 into master Mar 26, 2023
@klauspost klauspost deleted the zstd-fix-backref branch March 26, 2023 08:05
@klauspost
Copy link
Owner Author

klauspost commented Mar 26, 2023
edited
Loading

Caught 15 minutes after this PR was opened on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57460
@gaby gaby mentioned this pull request Apr 24, 2023
Merged
kodiakhq bot referenced this pull request in cloudquery/filetypes May 1, 2023
@cq-bot
fix(deps): Update module github.com/klauspost/compress to v1.16.5 (#146)
0d26180 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/klauspost/compress](https://togithub.com/klauspost/compress) | indirect | patch | `v1.16.3` -> `v1.16.5` |

---

### Release Notes

<details>
<summary>klauspost/compress</summary>

### [`v1.16.5`](https://togithub.com/klauspost/compress/releases/tag/v1.16.5)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.4...v1.16.5)

#### What's Changed

-   zstd: readByte needs to use io.ReadFull by [@&#8203;jnoxon](https://togithub.com/jnoxon) in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802)
-   gzip: Fix WriterTo after initial read by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/804](https://togithub.com/klauspost/compress/pull/804)

#### New Contributors

-   [@&#8203;jnoxon](https://togithub.com/jnoxon) made their first contribution in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802)

**Full Changelog**: klauspost/compress@v1.16.4...v1.16.5

### [`v1.16.4`](https://togithub.com/klauspost/compress/releases/tag/v1.16.4)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.3...v1.16.4)

#### What's Changed

-   s2: Fix huge block overflow by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/779](https://togithub.com/klauspost/compress/pull/779)
-   s2: Allow CustomEncoder fallback by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/780](https://togithub.com/klauspost/compress/pull/780)
-   zstd: Fix amd64 not always detecting corrupt data by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/785](https://togithub.com/klauspost/compress/pull/785)
-   zstd: Improve zstd best efficiency by [@&#8203;klauspost](https://togithub.com/klauspost) and [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/784](https://togithub.com/klauspost/compress/pull/784)
-   zstd: Make load(32|64)32 safer and smaller by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/788](https://togithub.com/klauspost/compress/pull/788)
-   zstd: Fix quick reject on long backmatches by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/787](https://togithub.com/klauspost/compress/pull/787)
-   zstd: Revert table size change  by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/789](https://togithub.com/klauspost/compress/pull/789)
-   zstd: Respect WithAllLitEntropyCompression by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/792](https://togithub.com/klauspost/compress/pull/792)
-   zstd: Fix back-referenced offset by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/793](https://togithub.com/klauspost/compress/pull/793)
-   zstd: Load source value at start of loop by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/794](https://togithub.com/klauspost/compress/pull/794)
-   zstd: Shorten checksum code by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/795](https://togithub.com/klauspost/compress/pull/795)
-   zstd: Fix fallback on incompressible block by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/798](https://togithub.com/klauspost/compress/pull/798)
-   gzhttp: Suppport ResponseWriter Unwrap() in gzhttp handler by [@&#8203;jgimenez](https://togithub.com/jgimenez) in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799)

#### New Contributors

-   [@&#8203;jgimenez](https://togithub.com/jgimenez) made their first contribution in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799)

**Full Changelog**: klauspost/compress@v1.16.3...v1.16.4

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS42Ni4zIiwidXBkYXRlZEluVmVyIjoiMzUuNjYuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
kodiakhq bot referenced this pull request in cloudquery/plugin-sdk Jul 1, 2023
@cq-bot
fix(deps): Update module github.com/klauspost/compress to v1.16.6 (#1036
76bfc85 
)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/klauspost/compress](https://togithub.com/klauspost/compress) | indirect | patch | `v1.16.0` -> `v1.16.6` |

---

### Release Notes

<details>
<summary>klauspost/compress (github.com/klauspost/compress)</summary>

### [`v1.16.6`](https://togithub.com/klauspost/compress/releases/tag/v1.16.6)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.5...v1.16.6)

#### What's Changed

-   zstd: correctly ignore WithEncoderPadding(1) by [@&#8203;ianlancetaylor](https://togithub.com/ianlancetaylor) in [https://github.com/klauspost/compress/pull/806](https://togithub.com/klauspost/compress/pull/806)
-   gzhttp: Handle informational headers by [@&#8203;rtribotte](https://togithub.com/rtribotte) in [https://github.com/klauspost/compress/pull/815](https://togithub.com/klauspost/compress/pull/815)
-   zstd: Add amd64 match length assembly by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/824](https://togithub.com/klauspost/compress/pull/824)
-   s2: Improve Better compression slightly by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/663](https://togithub.com/klauspost/compress/pull/663)
-   s2: Clean up matchlen assembly by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/825](https://togithub.com/klauspost/compress/pull/825)

#### New Contributors

-   [@&#8203;rtribotte](https://togithub.com/rtribotte) made their first contribution in [https://github.com/klauspost/compress/pull/815](https://togithub.com/klauspost/compress/pull/815)
-   [@&#8203;dveeden](https://togithub.com/dveeden) made their first contribution in [https://github.com/klauspost/compress/pull/816](https://togithub.com/klauspost/compress/pull/816)

**Full Changelog**: klauspost/compress@v1.16.5...v1.16.6

### [`v1.16.5`](https://togithub.com/klauspost/compress/releases/tag/v1.16.5)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.4...v1.16.5)

#### What's Changed

-   zstd: readByte needs to use io.ReadFull by [@&#8203;jnoxon](https://togithub.com/jnoxon) in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802)
-   gzip: Fix WriterTo after initial read by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/804](https://togithub.com/klauspost/compress/pull/804)

#### New Contributors

-   [@&#8203;jnoxon](https://togithub.com/jnoxon) made their first contribution in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802)

**Full Changelog**: klauspost/compress@v1.16.4...v1.16.5

### [`v1.16.4`](https://togithub.com/klauspost/compress/releases/tag/v1.16.4)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.3...v1.16.4)

#### What's Changed

-   s2: Fix huge block overflow by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/779](https://togithub.com/klauspost/compress/pull/779)
-   s2: Allow CustomEncoder fallback by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/780](https://togithub.com/klauspost/compress/pull/780)
-   zstd: Fix amd64 not always detecting corrupt data by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/785](https://togithub.com/klauspost/compress/pull/785)
-   zstd: Improve zstd best efficiency by [@&#8203;klauspost](https://togithub.com/klauspost) and [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/784](https://togithub.com/klauspost/compress/pull/784)
-   zstd: Make load(32|64)32 safer and smaller by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/788](https://togithub.com/klauspost/compress/pull/788)
-   zstd: Fix quick reject on long backmatches by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/787](https://togithub.com/klauspost/compress/pull/787)
-   zstd: Revert table size change  by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/789](https://togithub.com/klauspost/compress/pull/789)
-   zstd: Respect WithAllLitEntropyCompression by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/792](https://togithub.com/klauspost/compress/pull/792)
-   zstd: Fix back-referenced offset by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/793](https://togithub.com/klauspost/compress/pull/793)
-   zstd: Load source value at start of loop by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/794](https://togithub.com/klauspost/compress/pull/794)
-   zstd: Shorten checksum code by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/795](https://togithub.com/klauspost/compress/pull/795)
-   zstd: Fix fallback on incompressible block by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/798](https://togithub.com/klauspost/compress/pull/798)
-   gzhttp: Suppport ResponseWriter Unwrap() in gzhttp handler by [@&#8203;jgimenez](https://togithub.com/jgimenez) in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799)

#### New Contributors

-   [@&#8203;jgimenez](https://togithub.com/jgimenez) made their first contribution in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799)

**Full Changelog**: klauspost/compress@v1.16.3...v1.16.4

### [`v1.16.3`](https://togithub.com/klauspost/compress/releases/tag/v1.16.3)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.2...v1.16.3)

**Full Changelog**: klauspost/compress@v1.16.2...v1.16.3

### [`v1.16.2`](https://togithub.com/klauspost/compress/releases/tag/v1.16.2)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.1...v1.16.2)

#### What's Changed

-   Fix Goreleaser permissions by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/777](https://togithub.com/klauspost/compress/pull/777)

**Full Changelog**: klauspost/compress@v1.16.1...v1.16.2

### [`v1.16.1`](https://togithub.com/klauspost/compress/releases/tag/v1.16.1)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.0...v1.16.1)

#### What's Changed

-   zstd: Speed up + improve best encoder by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/776](https://togithub.com/klauspost/compress/pull/776)
-   s2: Add Intel LZ4s converter by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/766](https://togithub.com/klauspost/compress/pull/766)
-   gzhttp: Add BREACH mitigation by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/762](https://togithub.com/klauspost/compress/pull/762)
-   gzhttp: Remove a few unneeded allocs by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/768](https://togithub.com/klauspost/compress/pull/768)
-   gzhttp: Fix crypto/rand.Read usage by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/770](https://togithub.com/klauspost/compress/pull/770)
-   gzhttp: Use SHA256 as paranoid option by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/769](https://togithub.com/klauspost/compress/pull/769)
-   gzhttp: Use strings for randomJitter to skip a copy by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/767](https://togithub.com/klauspost/compress/pull/767)
-   zstd: Fix ineffective block size check by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/771](https://togithub.com/klauspost/compress/pull/771)
-   zstd: Check FSE init values by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/772](https://togithub.com/klauspost/compress/pull/772)
-   zstd: Report EOF from byteBuf.readBig by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/773](https://togithub.com/klauspost/compress/pull/773)
-   huff0: Speed up compress1xDo by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/774](https://togithub.com/klauspost/compress/pull/774)
-   tests: Remove fuzz printing by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/775](https://togithub.com/klauspost/compress/pull/775)
-   tests: Add CICD Fuzz testing by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/763](https://togithub.com/klauspost/compress/pull/763)
-   ci: set minimal permissions to GitHub Workflows by [@&#8203;diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/klauspost/compress/pull/765](https://togithub.com/klauspost/compress/pull/765)

#### New Contributors

-   [@&#8203;diogoteles08](https://togithub.com/diogoteles08) made their first contribution in [https://github.com/klauspost/compress/pull/765](https://togithub.com/klauspost/compress/pull/765)

**Full Changelog**: klauspost/compress@v1.16.0...v1.16.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNTEuMCIsInVwZGF0ZWRJblZlciI6IjM1LjE1MS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
kodiakhq bot referenced this pull request in cloudquery/plugin-pb-go Aug 1, 2023
@cq-bot
fix(deps): Update module github.com/klauspost/compress to v1.16.7 (#82)
12e9d67 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/klauspost/compress](https://togithub.com/klauspost/compress) | indirect | minor | `v1.15.15` -> `v1.16.7` |

---

### Release Notes

<details>
<summary>klauspost/compress (github.com/klauspost/compress)</summary>

### [`v1.16.7`](https://togithub.com/klauspost/compress/releases/tag/v1.16.7)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.6...v1.16.7)

#### What's Changed

-   zstd: Fix default level first dictionary encode by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/829](https://togithub.com/klauspost/compress/pull/829)
-   docs: Fix typo in security advisory URL by [@&#8203;vcabbage](https://togithub.com/vcabbage) in [https://github.com/klauspost/compress/pull/830](https://togithub.com/klauspost/compress/pull/830)
-   s2: add GetBufferCapacity() method by [@&#8203;GiedriusS](https://togithub.com/GiedriusS) in [https://github.com/klauspost/compress/pull/832](https://togithub.com/klauspost/compress/pull/832)

#### New Contributors

-   [@&#8203;vcabbage](https://togithub.com/vcabbage) made their first contribution in [https://github.com/klauspost/compress/pull/830](https://togithub.com/klauspost/compress/pull/830)
-   [@&#8203;GiedriusS](https://togithub.com/GiedriusS) made their first contribution in [https://github.com/klauspost/compress/pull/832](https://togithub.com/klauspost/compress/pull/832)

**Full Changelog**: klauspost/compress@v1.16.6...v1.16.7

### [`v1.16.6`](https://togithub.com/klauspost/compress/releases/tag/v1.16.6)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.5...v1.16.6)

#### What's Changed

-   zstd: correctly ignore WithEncoderPadding(1) by [@&#8203;ianlancetaylor](https://togithub.com/ianlancetaylor) in [https://github.com/klauspost/compress/pull/806](https://togithub.com/klauspost/compress/pull/806)
-   gzhttp: Handle informational headers by [@&#8203;rtribotte](https://togithub.com/rtribotte) in [https://github.com/klauspost/compress/pull/815](https://togithub.com/klauspost/compress/pull/815)
-   zstd: Add amd64 match length assembly by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/824](https://togithub.com/klauspost/compress/pull/824)
-   s2: Improve Better compression slightly by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/663](https://togithub.com/klauspost/compress/pull/663)
-   s2: Clean up matchlen assembly by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/825](https://togithub.com/klauspost/compress/pull/825)

#### New Contributors

-   [@&#8203;rtribotte](https://togithub.com/rtribotte) made their first contribution in [https://github.com/klauspost/compress/pull/815](https://togithub.com/klauspost/compress/pull/815)
-   [@&#8203;dveeden](https://togithub.com/dveeden) made their first contribution in [https://github.com/klauspost/compress/pull/816](https://togithub.com/klauspost/compress/pull/816)

**Full Changelog**: klauspost/compress@v1.16.5...v1.16.6

### [`v1.16.5`](https://togithub.com/klauspost/compress/releases/tag/v1.16.5)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.4...v1.16.5)

#### What's Changed

-   zstd: readByte needs to use io.ReadFull by [@&#8203;jnoxon](https://togithub.com/jnoxon) in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802)
-   gzip: Fix WriterTo after initial read by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/804](https://togithub.com/klauspost/compress/pull/804)

#### New Contributors

-   [@&#8203;jnoxon](https://togithub.com/jnoxon) made their first contribution in [https://github.com/klauspost/compress/pull/802](https://togithub.com/klauspost/compress/pull/802)

**Full Changelog**: klauspost/compress@v1.16.4...v1.16.5

### [`v1.16.4`](https://togithub.com/klauspost/compress/releases/tag/v1.16.4)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.3...v1.16.4)

#### What's Changed

-   s2: Fix huge block overflow by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/779](https://togithub.com/klauspost/compress/pull/779)
-   s2: Allow CustomEncoder fallback by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/780](https://togithub.com/klauspost/compress/pull/780)
-   zstd: Fix amd64 not always detecting corrupt data by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/785](https://togithub.com/klauspost/compress/pull/785)
-   zstd: Improve zstd best efficiency by [@&#8203;klauspost](https://togithub.com/klauspost) and [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/784](https://togithub.com/klauspost/compress/pull/784)
-   zstd: Make load(32|64)32 safer and smaller by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/788](https://togithub.com/klauspost/compress/pull/788)
-   zstd: Fix quick reject on long backmatches by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/787](https://togithub.com/klauspost/compress/pull/787)
-   zstd: Revert table size change  by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/789](https://togithub.com/klauspost/compress/pull/789)
-   zstd: Respect WithAllLitEntropyCompression by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/792](https://togithub.com/klauspost/compress/pull/792)
-   zstd: Fix back-referenced offset by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/793](https://togithub.com/klauspost/compress/pull/793)
-   zstd: Load source value at start of loop by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/794](https://togithub.com/klauspost/compress/pull/794)
-   zstd: Shorten checksum code by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/795](https://togithub.com/klauspost/compress/pull/795)
-   zstd: Fix fallback on incompressible block by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/798](https://togithub.com/klauspost/compress/pull/798)
-   gzhttp: Suppport ResponseWriter Unwrap() in gzhttp handler by [@&#8203;jgimenez](https://togithub.com/jgimenez) in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799)

#### New Contributors

-   [@&#8203;jgimenez](https://togithub.com/jgimenez) made their first contribution in [https://github.com/klauspost/compress/pull/799](https://togithub.com/klauspost/compress/pull/799)

**Full Changelog**: klauspost/compress@v1.16.3...v1.16.4

### [`v1.16.3`](https://togithub.com/klauspost/compress/releases/tag/v1.16.3)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.2...v1.16.3)

**Full Changelog**: klauspost/compress@v1.16.2...v1.16.3

### [`v1.16.2`](https://togithub.com/klauspost/compress/releases/tag/v1.16.2)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.1...v1.16.2)

#### What's Changed

-   Fix Goreleaser permissions by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/777](https://togithub.com/klauspost/compress/pull/777)

**Full Changelog**: klauspost/compress@v1.16.1...v1.16.2

### [`v1.16.1`](https://togithub.com/klauspost/compress/releases/tag/v1.16.1)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.16.0...v1.16.1)

#### What's Changed

-   zstd: Speed up + improve best encoder by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/776](https://togithub.com/klauspost/compress/pull/776)
-   s2: Add Intel LZ4s converter by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/766](https://togithub.com/klauspost/compress/pull/766)
-   gzhttp: Add BREACH mitigation by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/762](https://togithub.com/klauspost/compress/pull/762)
-   gzhttp: Remove a few unneeded allocs by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/768](https://togithub.com/klauspost/compress/pull/768)
-   gzhttp: Fix crypto/rand.Read usage by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/770](https://togithub.com/klauspost/compress/pull/770)
-   gzhttp: Use SHA256 as paranoid option by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/769](https://togithub.com/klauspost/compress/pull/769)
-   gzhttp: Use strings for randomJitter to skip a copy by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/767](https://togithub.com/klauspost/compress/pull/767)
-   zstd: Fix ineffective block size check by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/771](https://togithub.com/klauspost/compress/pull/771)
-   zstd: Check FSE init values by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/772](https://togithub.com/klauspost/compress/pull/772)
-   zstd: Report EOF from byteBuf.readBig by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/773](https://togithub.com/klauspost/compress/pull/773)
-   huff0: Speed up compress1xDo by [@&#8203;greatroar](https://togithub.com/greatroar) in [https://github.com/klauspost/compress/pull/774](https://togithub.com/klauspost/compress/pull/774)
-   tests: Remove fuzz printing by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/775](https://togithub.com/klauspost/compress/pull/775)
-   tests: Add CICD Fuzz testing by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/763](https://togithub.com/klauspost/compress/pull/763)
-   ci: set minimal permissions to GitHub Workflows by [@&#8203;diogoteles08](https://togithub.com/diogoteles08) in [https://github.com/klauspost/compress/pull/765](https://togithub.com/klauspost/compress/pull/765)

#### New Contributors

-   [@&#8203;diogoteles08](https://togithub.com/diogoteles08) made their first contribution in [https://github.com/klauspost/compress/pull/765](https://togithub.com/klauspost/compress/pull/765)

**Full Changelog**: klauspost/compress@v1.16.0...v1.16.1

### [`v1.16.0`](https://togithub.com/klauspost/compress/releases/tag/v1.16.0)

[Compare Source](https://togithub.com/klauspost/compress/compare/v1.15.15...v1.16.0)

#### What's Changed

-   s2: Add Dictionary support by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/685](https://togithub.com/klauspost/compress/pull/685)
-   s2: Add Compression Size Estimate by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/752](https://togithub.com/klauspost/compress/pull/752)
-   s2: Add support for custom stream encoder by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/755](https://togithub.com/klauspost/compress/pull/755)
-   s2: Add LZ4 block converter by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/748](https://togithub.com/klauspost/compress/pull/748)
-   s2: Support io.ReaderAt in ReadSeeker by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/747](https://togithub.com/klauspost/compress/pull/747)
-   s2c/s2sx: Use concurrent decoding by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/746](https://togithub.com/klauspost/compress/pull/746)
-   tests: Upgrade to Go 1.20 by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/749](https://togithub.com/klauspost/compress/pull/749)
-   Update all (command) dependencies by [@&#8203;klauspost](https://togithub.com/klauspost) in [https://github.com/klauspost/compress/pull/758](https://togithub.com/klauspost/compress/pull/758)

**Full Changelog**: klauspost/compress@v1.15.15...v1.16.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yNi4xIiwidXBkYXRlZEluVmVyIjoiMzYuMjYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
klauspost added a commit that referenced this pull request Oct 22, 2023
@klauspost
zstd: Fix corrupted output in "best"
874e125 
Regression from #784 and followup #793

Fixes #875

A 0 offset backreference was possible when "improve" was successful twice in a row in the "skipBeginning" part, only finding 2 (previously unmatches) length 4 matches, but where start offset decreased by 2 in both cases.

This would result in output where the end offset would equal to the next 's', thereby doing a self-reference.

Add a general check in "improve" and just reject these. Will also guard against similar issues in the future.

This also hints at some potentially suboptimal hash indexing - but I will take that improvement separately.

Fuzz test set updated.
@klauspost klauspost mentioned this pull request Oct 22, 2023
Merged
klauspost added a commit that referenced this pull request Oct 22, 2023
@klauspost
zstd: Fix corrupted output in "best" (#876)
8eb6542 
* zstd: Fix corrupted output in "best"

Regression from #784 and followup #793

Fixes #875

A 0 offset backreference was possible when "improve" was successful twice in a row in the "skipBeginning" part, only finding 2 (previously unmatches) length 4 matches, but where start offset decreased by 2 in both cases.

This would result in output where the end offset would equal to the next 's', thereby doing a self-reference.

Add a general check in "improve" and just reject these. Will also guard against similar issues in the future.

This also hints at some potentially suboptimal hash indexing - but I will take that improvement separately.

Fuzz test set updated.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@klauspost