Fix remaining ArrayIndexOutOfBoundsExceptions in LZ4DecompressorTest (#6)

An ArrayIndexOutOfBoundsException could indicate either an out-of-bounds access, or invalid arguments (e.g. offset < 0). Since we want to detect the former in the fuzz tests, we need to make sure the latter doesn't happen. This PR:

- Disables the ArrayIndexOutOfBoundsException catch so that it's reported by the fuzzer
- Fixes a bug in the test where the src length was larger than allowed
- Adjusts the LZ4JNIFastDecompressor to throw an LZ4Exception on empty input rather than an ArrayIndexOutOfBoundsExceptions (made by @Marcono1234; not security relevant, this only changes the exception. LZ4JNIFastDecompressor is also disabled by default due to CVE-2025-12183)

With these changes, a quick fuzz run now only shows the native_fast_* tests failing, both with a segfault, which is expected due to CVE-2025-12183.

Author: yawkat

src/java/net/jpountz/lz4/LZ4JNIFastDecompressor.java

@@ -34,8 +34,14 @@ final class LZ4JNIFastDecompressor extends LZ4FastDecompressor {
 
   @Override
   public final int decompress(byte[] src, int srcOff, byte[] dest, int destOff, int destLen) {
-    SafeUtils.checkRange(src, srcOff);
+    int srcLen = src.length - srcOff;
+    SafeUtils.checkRange(src, srcOff, srcLen);
     SafeUtils.checkRange(dest, destOff, destLen);
+
+    if (srcLen == 0) {
+      throw new LZ4Exception("Empty src");
+    }
+
     final int result = LZ4JNI.LZ4_decompress_fast(src, null, srcOff, dest, null, destOff, destLen);
     if (result < 0) {
       throw new LZ4Exception("Error decoding offset " + (srcOff - result) + " of input buffer");
@@ -46,9 +52,14 @@ public final int decompress(byte[] src, int srcOff, byte[] dest, int destOff, in
   @Override
   public int decompress(ByteBuffer src, int srcOff, ByteBuffer dest, int destOff, int destLen) {
     ByteBufferUtils.checkNotReadOnly(dest);
-    ByteBufferUtils.checkRange(src, srcOff);
+    int srcLen = src.capacity() - srcOff;
+    ByteBufferUtils.checkRange(src, srcOff, srcLen);
     ByteBufferUtils.checkRange(dest, destOff, destLen);
 
+    if (srcLen == 0) {
+      throw new LZ4Exception("Empty src");
+    }
+
     if ((src.hasArray() || src.isDirect()) && (dest.hasArray() || dest.isDirect())) {
       byte[] srcArr = null, destArr = null;
       ByteBuffer srcBuf = null, destBuf = null;

src/test/net/jpountz/fuzz/LZ4DecompressorTest.java

@@ -31,17 +31,17 @@ private void test(FuzzedDataProvider data, LZ4Factory factory, boolean fast, boo
         if (fast) {
           factory.fastDecompressor().decompress(srcBuf, srcOff, destBuf, destOff, destLen);
         } else {
-          factory.safeDecompressor().decompress(srcBuf, srcOff, src.length - srcOffEnd, destBuf, destOff, destLen);
+          factory.safeDecompressor().decompress(srcBuf, srcOff, src.length - srcOffEnd - srcOff, destBuf, destOff, destLen);
         }
       } else {
         byte[] dest = new byte[destOff + destLen];
         if (fast) {
           factory.fastDecompressor().decompress(src, srcOff, dest, destOff, destLen);
         } else {
-          factory.safeDecompressor().decompress(src, srcOff, src.length - srcOffEnd, dest, destOff);
+          factory.safeDecompressor().decompress(src, srcOff, src.length - srcOffEnd - srcOff, dest, destOff);
         }
       }
-    } catch (LZ4Exception | ArrayIndexOutOfBoundsException ignored) {
+    } catch (LZ4Exception ignored) {
     }
   }