Marcono1234 opened a new pull request, #15570: URL: https://github.com/apache/lucene/pull/15570
### Description For LZ4 offset 0 is invalid, see https://github.com/lz4/lz4/blob/dev/doc/lz4_Block_format.md#compressed-block-format: > Note that 0 is an invalid `offset` value. The presence of a 0 `offset` value denotes an invalid (corrupted) block. Permitting offset 0 leads to the content of the given output buffer appearing in the output, which is a problem when reusing buffers. See also CVE-2025-66566. Side note: The native C implementation of LZ4 actually permits offset 0, but in that case emits 0 in the output, see https://github.com/lz4/lz4/issues/1631 and the comments there. Though to my understanding offset 0 only occurs for malformed input, so there might be no point in intentionally trying to support it? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
