FIX: memory corruption when used crush compression

Oldes · Oldes · commit d744cee9ad83 · 2021-12-10T15:31:50.000+01:00
diff --git a/src/core/u-crush.c b/src/core/u-crush.c
@@ -162,7 +162,7 @@ static inline int get_penalty(int a, int b) {
 
 	level = MAX(0, MIN(2, level));
 
-	ser = Make_Series(size + 4, sizeof(REBYTE), FALSE);
+	ser = Make_Series(MAX(16, size+4), sizeof(REBYTE), FALSE);
 	ctx.data = BIN_HEAD(ser);
 
 	((REBCNT *)ctx.data)[0] = size;
@@ -261,10 +261,11 @@ static inline int get_penalty(int a, int b) {
 			}
 		}
 
-		if (ctx.index >= SERIES_AVAIL(ser)) {
-			// If input is already well compressed, output from the Crush may be larger!
+		// If input is already well compressed, output from the Crush may be larger!
+		// Instead of adding this check to each `put_bits` call, count with some hopefuly safe range (16bytes)
+		if (ctx.index+16 >= SERIES_REST(ser)) {
 			SERIES_TAIL(ser) = ctx.index;
-			Expand_Series(ser, ctx.index, SERIES_AVAIL(ser) >> 3); // using 1/4 of the current size for the delta
+			Expand_Series(ser, ctx.index, MAX(16, SERIES_REST(ser) >> 3)); // using 1/4 of the current size for the delta
 			ctx.data = BIN_DATA(ser);
 		}
 
diff --git a/src/tests/units/compress-test.r3 b/src/tests/units/compress-test.r3
@@ -186,6 +186,15 @@ text: {Lorem ipsum dolor sit amet, consectetur adipisici elit, sed eiusmod tempo
 
 		--test-- "CRUSH decompress when not at head"
 			--assert data = to string! decompress next join #{00} compress data 'crush 'crush
+
+		--test-- "CRUSH with bad compression ratio"
+			; CRUSH algorithm does not work well if there is no repeatable pattern
+			; These asserts also validates, that there is no memory coruption as internal extension is used
+			--assert #{0400000062C8984103} = compress "1234" 'crush
+			--assert #{0800000062C89841A3868D1B38} = compress "12345678" 'crush
+			--assert #{0D00000062C89841A3868D1B38720411328408} = compress "123456789ABCD" 'crush
+			--assert #{1100000062C89841A3868D1B387204113284481123479000} = compress "123456789ABCDEFGH" 'crush
+			--assert #{1500000062C89841A3868D1B38720411328448112347902451B28409} = compress "123456789ABCDEFGHIJKL" 'crush
 	]
 ===end-group===
 
@@ -195,7 +204,7 @@ text: {Lorem ipsum dolor sit amet, consectetur adipisici elit, sed eiusmod tempo
 	--assert (a: compress  "a" 'zlib) = #{789C4B040000620062}
 	--assert (b: encloak a "a")       = #{2CD6F679DCDC44E141}
 	--assert (c: decloak b "a")       = #{789C4B040000620062}
-	--assert (d: decompress c 'zlib)  = #{61}
+	--assert (d: decompress a 'zlib)  = #{61}
 
 ===end-group===
 

Original file line number	Diff line number	Diff line change
`@@ -162,7 +162,7 @@ static inline int get_penalty(int a, int b) {`
`162`	`162`
`163`	`163`	`level = MAX(0, MIN(2, level));`
`164`	`164`
`165`		`- ser = Make_Series(size + 4, sizeof(REBYTE), FALSE);`
	`165`	`+ ser = Make_Series(MAX(16, size+4), sizeof(REBYTE), FALSE);`
`166`	`166`	`ctx.data = BIN_HEAD(ser);`
`167`	`167`
`168`	`168`	`((REBCNT *)ctx.data)[0] = size;`
`@@ -261,10 +261,11 @@ static inline int get_penalty(int a, int b) {`
`261`	`261`	`}`
`262`	`262`	`}`
`263`	`263`
`264`		`- if (ctx.index >= SERIES_AVAIL(ser)) {`
`265`		`- // If input is already well compressed, output from the Crush may be larger!`
	`264`	`+ // If input is already well compressed, output from the Crush may be larger!`
	`265`	+ // Instead of adding this check to each `put_bits` call, count with some hopefuly safe range (16bytes)
	`266`	`+ if (ctx.index+16 >= SERIES_REST(ser)) {`
`266`	`267`	`SERIES_TAIL(ser) = ctx.index;`
`267`		`- Expand_Series(ser, ctx.index, SERIES_AVAIL(ser) >> 3); // using 1/4 of the current size for the delta`
	`268`	`+ Expand_Series(ser, ctx.index, MAX(16, SERIES_REST(ser) >> 3)); // using 1/4 of the current size for the delta`
`268`	`269`	`ctx.data = BIN_DATA(ser);`
`269`	`270`	`}`
`270`	`271`