Merge branch 'master' into fix/cli-comment-verification-return
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 90dda94..6a16dcb 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -218,7 +218,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
diff --git a/.github/workflows/build_test_wasm.yml b/.github/workflows/build_test_wasm.yml
index ead2f21..9458713 100644
--- a/.github/workflows/build_test_wasm.yml
+++ b/.github/workflows/build_test_wasm.yml
@@ -35,7 +35,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
@@ -53,7 +53,7 @@
run: which node >> $HOME/.base_node_path
- name: Install emsdk
- uses: mymindstorm/setup-emsdk@667eb33f24e84e7f362c16d8d7fff0629a73e15e # v15
+ uses: mymindstorm/setup-emsdk@4528d102f7230f0e7b276855c01ea1159be0e984 # v16
with:
version: ${{env.EM_VERSION}}
no-cache: true
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 37365a3..bbe66a3 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -35,7 +35,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index a1734e4..95aa529 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -22,7 +22,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index cecf380..b00531c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -30,7 +30,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ead2bea..5c6e90a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -64,7 +64,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
@@ -74,7 +74,7 @@
submodules: false
fetch-depth: 1
- - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+ - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-vcpkg
with:
path: vcpkg
@@ -145,7 +145,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
@@ -203,7 +203,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 2e547b6..bf3c650 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -37,7 +37,7 @@
steps:
- name: Harden Runner
- uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
+ uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
diff --git a/c/dec/decode.c b/c/dec/decode.c
index c4972a5..5510d10 100644
--- a/c/dec/decode.c
+++ b/c/dec/decode.c
@@ -481,6 +481,9 @@
uint8_t* ringbuffer,
int pos,
const int limit) {
+ const int kMaximalOverread = 4;
+ int pos_limit = limit;
+ int copies = 0;
/* Calculate range where CheckInputAmount is always true.
Start with the number of bytes we can read. */
int64_t new_lim = br->guard_in - br->next_in;
@@ -488,9 +491,6 @@
new_lim *= 8;
/* At most 15 bits per symbol, so this is safe. */
new_lim /= 15;
- const int kMaximalOverread = 4;
- int pos_limit = limit;
- int copies = 0;
if ((new_lim - kMaximalOverread) <= limit) {
// Safe cast, since new_lim is already < num_steps
pos_limit = (int)(new_lim - kMaximalOverread);
@@ -2091,10 +2091,10 @@
} while (--i != 0);
} else { /* safe */
do {
+ brotli_reg_t literal;
if (BROTLI_PREDICT_FALSE(s->block_length[0] == 0)) {
goto NextLiteralBlock;
}
- brotli_reg_t literal;
if (!SafeReadSymbol(s->literal_htree, br, &literal)) {
result = BROTLI_DECODER_NEEDS_MORE_INPUT;
goto saveStateAndReturn;
diff --git a/c/enc/encode.c b/c/enc/encode.c
index 9e72744..b2583e4 100644
--- a/c/enc/encode.c
+++ b/c/enc/encode.c
@@ -761,11 +761,12 @@
BrotliEncoderState* BrotliEncoderCreateInstance(
brotli_alloc_func alloc_func, brotli_free_func free_func, void* opaque) {
+ BrotliEncoderState* state;
BROTLI_BOOL healthy = BrotliEncoderEnsureStaticInit();
if (!healthy) {
return 0;
}
- BrotliEncoderState* state = (BrotliEncoderState*)BrotliBootstrapAlloc(
+ state = (BrotliEncoderState*)BrotliBootstrapAlloc(
sizeof(BrotliEncoderState), alloc_func, free_func, opaque);
if (state == NULL) {
/* BROTLI_DUMP(); */
