Merge pull request #3 from facebook/dev

pulling changes

Author: paulcruz74

README.md

@@ -67,11 +67,11 @@ Previous charts provide results applicable to typical file and stream scenarios
 The smaller the amount of data to compress, the more difficult it is to compress. This problem is common to all compression algorithms, and reason is, compression algorithms learn from past data how to compress future data. But at the beginning of a new data set, there is no "past" to build upon.
 
 To solve this situation, Zstd offers a __training mode__, which can be used to tune the algorithm for a selected type of data.
-Training Zstandard is achieved by provide it with a few samples (one file per sample). The result of this training is stored in a file called "dictionary", which must be loaded before compression and decompression.
+Training Zstandard is achieved by providing it with a few samples (one file per sample). The result of this training is stored in a file called "dictionary", which must be loaded before compression and decompression.
 Using this dictionary, the compression ratio achievable on small data improves dramatically.
 
 The following example uses the `github-users` [sample set](https://github.com/facebook/zstd/releases/tag/v1.1.3), created from [github public API](https://developer.github.com/v3/users/#get-all-users).
-It consists of roughly 10K records weighting about 1KB each.
+It consists of roughly 10K records weighing about 1KB each.
 
 Compression Ratio | Compression Speed | Decompression Speed
 ------------------|-------------------|--------------------

contrib/linux-kernel/lib/zstd/compress.c

@@ -1978,10 +1978,15 @@ void ZSTD_compressBlock_lazy_generic(ZSTD_CCtx *ctx, const void *src, size_t src
 				break; /* nothing found : store previous solution */
 			}
 
+		/* NOTE:
+		 * start[-offset+ZSTD_REP_MOVE-1] is undefined behavior.
+		 * (-offset+ZSTD_REP_MOVE-1) is unsigned, and is added to start, which
+		 * overflows the pointer, which is undefined behavior.
+		 */
 		/* catch up */
 		if (offset) {
 			while ((start > anchor) && (start > base + offset - ZSTD_REP_MOVE) &&
-			       (start[-1] == start[-1 - offset + ZSTD_REP_MOVE])) /* only search for offset within prefix */
+			       (start[-1] == (start-offset+ZSTD_REP_MOVE)[-1])) /* only search for offset within prefix */
 			{
 				start--;
 				matchLength++;

contrib/linux-kernel/lib/zstd/decompress.c

@@ -2212,6 +2212,20 @@ ZSTD_DStream *ZSTD_initDStream(size_t maxWindowSize, void *workspace, size_t wor
 	zds->ddict = zds->ddictLocal;
 	zds->legacyVersion = 0;
 	zds->hostageByte = 0;
+
+	{
+		size_t const blockSize = MIN(zds->maxWindowSize, ZSTD_BLOCKSIZE_ABSOLUTEMAX);
+		size_t const neededOutSize = zds->maxWindowSize + blockSize + WILDCOPY_OVERLENGTH * 2;
+
+		zds->inBuff = (char *)ZSTD_malloc(blockSize, zds->customMem);
+		zds->inBuffSize = blockSize;
+		zds->outBuff = (char *)ZSTD_malloc(neededOutSize, zds->customMem);
+		zds->outBuffSize = neededOutSize;
+		if (zds->inBuff == NULL || zds->outBuff == NULL) {
+			ZSTD_freeDStream(zds);
+			return NULL;
+		}
+	}
 	return zds;
 }
 
@@ -2333,25 +2347,17 @@ size_t ZSTD_decompressStream(ZSTD_DStream *zds, ZSTD_outBuffer *output, ZSTD_inB
 			if (zds->fParams.windowSize > zds->maxWindowSize)
 				return ERROR(frameParameter_windowTooLarge);
 
-			/* Adapt buffer sizes to frame header instructions */
+			/* Buffers are preallocated, but double check */
 			{
-				size_t const blockSize = MIN(zds->fParams.windowSize, ZSTD_BLOCKSIZE_ABSOLUTEMAX);
-				size_t const neededOutSize = zds->fParams.windowSize + blockSize + WILDCOPY_OVERLENGTH * 2;
-				zds->blockSize = blockSize;
+				size_t const blockSize = MIN(zds->maxWindowSize, ZSTD_BLOCKSIZE_ABSOLUTEMAX);
+				size_t const neededOutSize = zds->maxWindowSize + blockSize + WILDCOPY_OVERLENGTH * 2;
 				if (zds->inBuffSize < blockSize) {
-					ZSTD_free(zds->inBuff, zds->customMem);
-					zds->inBuffSize = blockSize;
-					zds->inBuff = (char *)ZSTD_malloc(blockSize, zds->customMem);
-					if (zds->inBuff == NULL)
-						return ERROR(memory_allocation);
+					return ERROR(GENERIC);
 				}
 				if (zds->outBuffSize < neededOutSize) {
-					ZSTD_free(zds->outBuff, zds->customMem);
-					zds->outBuffSize = neededOutSize;
-					zds->outBuff = (char *)ZSTD_malloc(neededOutSize, zds->customMem);
-					if (zds->outBuff == NULL)
-						return ERROR(memory_allocation);
+					return ERROR(GENERIC);
 				}
+				zds->blockSize = blockSize;
 			}
 			zds->stage = zdss_read;
 		}

contrib/linux-kernel/test/DecompressCrash.c

@@ -0,0 +1,85 @@
+/**
+ * Copyright (c) 2016-present, Yann Collet, Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD-style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+
+/*
+  This program takes a file in input,
+  performs a zstd round-trip test (compression - decompress)
+  compares the result with original
+  and generates a crash (double free) on corruption detection.
+*/
+
+/*===========================================
+*   Dependencies
+*==========================================*/
+#include <stddef.h>     /* size_t */
+#include <stdlib.h>     /* malloc, free, exit */
+#include <stdio.h>      /* fprintf */
+#include <linux/zstd.h>
+
+/*===========================================
+*   Macros
+*==========================================*/
+#define MIN(a,b)  ( (a) < (b) ? (a) : (b) )
+
+static ZSTD_DCtx *dctx = NULL;
+void *dws = NULL;
+static void* rBuff = NULL;
+static size_t buffSize = 0;
+
+static void crash(int errorCode){
+    /* abort if AFL/libfuzzer, exit otherwise */
+    #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* could also use __AFL_COMPILER */
+        abort();
+    #else
+        exit(errorCode);
+    #endif
+}
+
+static void decompressCheck(const void* srcBuff, size_t srcBuffSize)
+{
+    size_t const neededBuffSize = 20 * srcBuffSize;
+
+    /* Allocate all buffers and contexts if not already allocated */
+    if (neededBuffSize > buffSize) {
+        free(rBuff);
+        buffSize = 0;
+
+        rBuff = malloc(neededBuffSize);
+        if (!rBuff) {
+            fprintf(stderr, "not enough memory ! \n");
+            crash(1);
+        }
+        buffSize = neededBuffSize;
+    }
+    if (!dctx) {
+        size_t const workspaceSize = ZSTD_DCtxWorkspaceBound();
+        dws = malloc(workspaceSize);
+        if (!dws) {
+            fprintf(stderr, "not enough memory ! \n");
+            crash(1);
+        }
+        dctx = ZSTD_initDCtx(dws, workspaceSize);
+        if (!dctx) {
+            fprintf(stderr, "not enough memory ! \n");
+            crash(1);
+        }
+    }
+    ZSTD_decompressDCtx(dctx, rBuff, buffSize, srcBuff, srcBuffSize);
+
+#ifndef SKIP_FREE
+    free(dws); dws = NULL; dctx = NULL;
+    free(rBuff); rBuff = NULL;
+    buffSize = 0;
+#endif
+}
+
+int LLVMFuzzerTestOneInput(const unsigned char *srcBuff, size_t srcBuffSize) {
+  decompressCheck(srcBuff, srcBuffSize);
+  return 0;
+}

contrib/linux-kernel/test/Makefile

@@ -12,12 +12,24 @@ CPPFLAGS += $(IFLAGS)
 ../lib/zstd/libzstd.a: $(OBJECTS)
 	$(AR) $(ARFLAGS) $@ $^
 
+DecompressCrash: DecompressCrash.o $(OBJECTS) libFuzzer.a
+	$(CXX) $(TEST_CPPFLAGS) $(TEST_CXXFLAGS) $(LDFLAGS) $^ -o $@
+
+RoundTripCrash: RoundTripCrash.o $(OBJECTS) ../lib/xxhash.o libFuzzer.a
+	$(CXX) $(TEST_CPPFLAGS) $(TEST_CXXFLAGS) $(LDFLAGS) $^ -o $@
+
 UserlandTest: UserlandTest.cpp ../lib/zstd/libzstd.a ../lib/xxhash.o
 	$(CXX) $(CXXFLAGS) $(CFLAGS) $(CPPFLAGS) $^ googletest/build/googlemock/gtest/libgtest.a googletest/build/googlemock/gtest/libgtest_main.a -o $@
 
 XXHashUserlandTest: XXHashUserlandTest.cpp ../lib/xxhash.o ../../../lib/common/xxhash.o
 	$(CXX) $(CXXFLAGS) $(CFLAGS) $(CPPFLAGS) $^ googletest/build/googlemock/gtest/libgtest.a googletest/build/googlemock/gtest/libgtest_main.a -o $@
 
+# Install libfuzzer
+libFuzzer.a:
+	@$(RM) -rf Fuzzer
+	@git clone https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer
+	@./Fuzzer/build.sh
+
 # Install googletest
 .PHONY: googletest
 googletest:
@@ -28,3 +40,4 @@ googletest:
 
 clean:
 	$(RM) -f *.{o,a} ../lib/zstd/*.{o,a}
+	$(RM) -f DecompressCrash RoundTripCrash UserlandTest XXHashUserlandTest

contrib/linux-kernel/test/RoundTripCrash.c

@@ -0,0 +1,162 @@
+/**
+ * Copyright (c) 2016-present, Yann Collet, Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD-style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+
+/*
+  This program takes a file in input,
+  performs a zstd round-trip test (compression - decompress)
+  compares the result with original
+  and generates a crash (double free) on corruption detection.
+*/
+
+/*===========================================
+*   Dependencies
+*==========================================*/
+#include <stddef.h>     /* size_t */
+#include <stdlib.h>     /* malloc, free, exit */
+#include <stdio.h>      /* fprintf */
+#include <linux/xxhash.h>
+#include <linux/zstd.h>
+
+/*===========================================
+*   Macros
+*==========================================*/
+#define MIN(a,b)  ( (a) < (b) ? (a) : (b) )
+
+static const int kMaxClevel = 22;
+
+static ZSTD_CCtx *cctx = NULL;
+void *cws = NULL;
+static ZSTD_DCtx *dctx = NULL;
+void *dws = NULL;
+static void* cBuff = NULL;
+static void* rBuff = NULL;
+static size_t buffSize = 0;
+
+
+/** roundTripTest() :
+*   Compresses `srcBuff` into `compressedBuff`,
+*   then decompresses `compressedBuff` into `resultBuff`.
+*   Compression level used is derived from first content byte.
+*   @return : result of decompression, which should be == `srcSize`
+*          or an error code if either compression or decompression fails.
+*   Note : `compressedBuffCapacity` should be `>= ZSTD_compressBound(srcSize)`
+*          for compression to be guaranteed to work */
+static size_t roundTripTest(void* resultBuff, size_t resultBuffCapacity,
+                            void* compressedBuff, size_t compressedBuffCapacity,
+                      const void* srcBuff, size_t srcBuffSize)
+{
+    size_t const hashLength = MIN(128, srcBuffSize);
+    unsigned const h32 = xxh32(srcBuff, hashLength, 0);
+    int const cLevel = h32 % kMaxClevel;
+    ZSTD_parameters const params = ZSTD_getParams(cLevel, srcBuffSize, 0);
+    size_t const cSize = ZSTD_compressCCtx(cctx, compressedBuff, compressedBuffCapacity, srcBuff, srcBuffSize, params);
+    if (ZSTD_isError(cSize)) {
+        fprintf(stderr, "Compression error : %u \n", ZSTD_getErrorCode(cSize));
+        return cSize;
+    }
+    return ZSTD_decompressDCtx(dctx, resultBuff, resultBuffCapacity, compressedBuff, cSize);
+}
+
+
+static size_t checkBuffers(const void* buff1, const void* buff2, size_t buffSize)
+{
+    const char* ip1 = (const char*)buff1;
+    const char* ip2 = (const char*)buff2;
+    size_t pos;
+
+    for (pos=0; pos<buffSize; pos++)
+        if (ip1[pos]!=ip2[pos])
+            break;
+
+    return pos;
+}
+
+static void crash(int errorCode){
+    /* abort if AFL/libfuzzer, exit otherwise */
+    #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* could also use __AFL_COMPILER */
+        abort();
+    #else
+        exit(errorCode);
+    #endif
+}
+
+static void roundTripCheck(const void* srcBuff, size_t srcBuffSize)
+{
+    size_t const neededBuffSize = ZSTD_compressBound(srcBuffSize);
+
+    /* Allocate all buffers and contexts if not already allocated */
+    if (neededBuffSize > buffSize) {
+        free(cBuff);
+        free(rBuff);
+        buffSize = 0;
+
+        cBuff = malloc(neededBuffSize);
+        rBuff = malloc(neededBuffSize);
+        if (!cBuff || !rBuff) {
+            fprintf(stderr, "not enough memory ! \n");
+            crash(1);
+        }
+        buffSize = neededBuffSize;
+    }
+    if (!cctx) {
+        ZSTD_compressionParameters const params = ZSTD_getCParams(kMaxClevel, 0, 0);
+        size_t const workspaceSize = ZSTD_CCtxWorkspaceBound(params);
+        cws = malloc(workspaceSize);
+        if (!cws) {
+            fprintf(stderr, "not enough memory ! \n");
+            crash(1);
+        }
+        cctx = ZSTD_initCCtx(cws, workspaceSize);
+        if (!cctx) {
+            fprintf(stderr, "not enough memory ! \n");
+            crash(1);
+        }
+    }
+    if (!dctx) {
+        size_t const workspaceSize = ZSTD_DCtxWorkspaceBound();
+        dws = malloc(workspaceSize);
+        if (!dws) {
+            fprintf(stderr, "not enough memory ! \n");
+            crash(1);
+        }
+        dctx = ZSTD_initDCtx(dws, workspaceSize);
+        if (!dctx) {
+            fprintf(stderr, "not enough memory ! \n");
+            crash(1);
+        }
+    }
+
+    {   size_t const result = roundTripTest(rBuff, buffSize, cBuff, buffSize, srcBuff, srcBuffSize);
+        if (ZSTD_isError(result)) {
+            fprintf(stderr, "roundTripTest error : %u \n", ZSTD_getErrorCode(result));
+            crash(1);
+        }
+        if (result != srcBuffSize) {
+            fprintf(stderr, "Incorrect regenerated size : %u != %u\n", (unsigned)result, (unsigned)srcBuffSize);
+            crash(1);
+        }
+        if (checkBuffers(srcBuff, rBuff, srcBuffSize) != srcBuffSize) {
+            fprintf(stderr, "Silent decoding corruption !!!");
+            crash(1);
+        }
+    }
+
+#ifndef SKIP_FREE
+    free(cws); cws = NULL; cctx = NULL;
+    free(dws); dws = NULL; dctx = NULL;
+    free(cBuff); cBuff = NULL;
+    free(rBuff); rBuff = NULL;
+    buffSize = 0;
+#endif
+}
+
+int LLVMFuzzerTestOneInput(const unsigned char *srcBuff, size_t srcBuffSize) {
+  roundTripCheck(srcBuff, srcBuffSize);
+  return 0;
+}

contrib/linux-kernel/test/UserlandTest.cpp

@@ -280,9 +280,9 @@ TEST(Block, ContentSize) {
 
 TEST(Block, CCtxLevelIncrease) {
   std::string c;
-  auto cctx = createCCtx(6);
+  auto cctx = createCCtx(22);
   auto dctx = createDCtx();
-  for (int level = 1; level <= 6; ++level) {
+  for (int level = 1; level <= 22; ++level) {
     auto compressed = compress(*cctx, kData, level);
     auto const decompressed = decompress(*dctx, compressed, kData.size());
     EXPECT_EQ(kData, decompressed);
@@ -478,6 +478,17 @@ TEST(Stream, Flush) {
   EXPECT_EQ(kData, decompressed);
 }
 
+TEST(Stream, DStreamLevelIncrease) {
+  auto zds = createDStream();
+  for (int level = 1; level <= 22; ++level) {
+    auto zcs = createCStream(level);
+    auto compressed = compress(*zcs, kData);
+    ZSTD_resetDStream(zds.get());
+    auto const decompressed = decompress(*zds, compressed, kData.size());
+    EXPECT_EQ(kData, decompressed);
+  }
+}
+
 #define TEST_SYMBOL(symbol)                                                    \
   do {                                                                         \
     extern void *__##symbol;                                                   \