• @arendjr@programming.dev
    75 months ago

    For a little bit I thought this library might be a subtle joke, seeing the #define _SHITPRESS_H at the start. That combined with the compress() and decompress() not taking any arguments and not having a return value, I thought we were being played. Not to mention the library appears to be plain C rather than C++… surely the author should know the difference?

    Then I saw how the interface actually works:

    // interface for the library user, implement these in your program:
    unsigned int SPR_in(); // Return next byte from input or value > 255 on EOF.
    void SPR_out(unsigned char); // Output byte.
    

    This seems extremely poorly thought out. Calling into global functions for input and output means that your library will be a pain to use in any program that has to (de)compress anything more than a single input.
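Added example, not part of the comment above and not code from the library: one way the same byte-callback contract (an input callback that returns a value > 255 on EOF, and an output callback) can carry a caller-owned context so several streams can be processed by one program. The names spr_io, mem_stream, rle_compress and compress_buf are hypothetical, and the run-length codec is only a stand-in for the library's algorithm.

```c
#include <stddef.h>
/* Hypothetical reentrant form of SPR_in/SPR_out: callbacks take a caller-owned
   context instead of being program-wide globals. */
typedef struct {
    unsigned int (*in)(void *ctx);           /* next byte, or > 255 on EOF */
    void (*out)(void *ctx, unsigned char b); /* output one byte */
    void *ctx;
} spr_io;

typedef struct { /* memory-backed stream, constructed for this example */
    const unsigned char *src; size_t src_len, src_pos;
    unsigned char *dst; size_t dst_cap, dst_len;
    int overflow; /* set when the output did not fit */
} mem_stream;

static unsigned int mem_in(void *ctx) {
    mem_stream *s = ctx;
    return s->src_pos < s->src_len ? s->src[s->src_pos++] : 256u;
}
static void mem_out(void *ctx, unsigned char b) {
    mem_stream *s = ctx;
    if (s->dst_len < s->dst_cap) s->dst[s->dst_len++] = b; /* bounds-checked */
    else s->overflow = 1;
}

/* Stand-in codec: run-length encoding as (count, byte) pairs, NOT the
   library's algorithm. No global state, so each call works on its own stream. */
static void rle_compress(const spr_io *io) {
    unsigned int cur = io->in(io->ctx);
    while (cur <= 255) {
        unsigned int next, count = 1;
        while ((next = io->in(io->ctx)) == cur && count < 255) count++;
        io->out(io->ctx, (unsigned char)count);
        io->out(io->ctx, (unsigned char)cur);
        cur = next;
    }
}
/* Compress src into dst; returns bytes written, or (size_t)-1 on overflow. */
size_t compress_buf(const unsigned char *src, size_t n, unsigned char *dst, size_t cap) {
    mem_stream s = { src, n, 0, dst, cap, 0, 0 };
    spr_io io = { mem_in, mem_out, &s };
    rle_compress(&io);
    return s.overflow ? (size_t)-1 : s.dst_len;
}

int main(void) {
    unsigned char o[8];
    return compress_buf((const unsigned char *)"aaab", 4, o, sizeof o) == 4 ? 0 : 1;
}
```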

  • Marek Knápek
    45 months ago

    You have a stack buffer out-of-bounds write. On line 52 you declare h as an array of 70 unsigned ints. On line 57 you store a reference to that array. Later, on line 35, you write out of bounds, one element past the end of the array. The _SPR_history[i] writes to _SPR_history[70]. Created an issue: https://github.com/X64X2/sh/issues/1