make `_fast*()` decoder generate a deprecation warning
updated modification
diff --git a/doc/lz4_manual.html b/doc/lz4_manual.html
index f25aa79..b738c8d 100644
--- a/doc/lz4_manual.html
+++ b/doc/lz4_manual.html
@@ -127,27 +127,6 @@
or 0 if compression fails.
</p></pre><BR>
-<pre><b>int LZ4_decompress_fast (const char* src, char* dst, int originalSize);
-</b><p> This function used to be a bit faster than LZ4_decompress_safe(),
- though situation has changed in recent versions,
- and now `LZ4_decompress_safe()` can be as fast and sometimes faster than `LZ4_decompress_fast()`.
- Moreover, LZ4_decompress_fast() is not protected vs malformed input, as it doesn't perform full validation of compressed data.
- As a consequence, this function is no longer recommended, and may be deprecated in future versions.
- It's last remaining specificity is that it can decompress data without knowing its compressed size.
-
- originalSize : is the uncompressed size to regenerate.
- `dst` must be already allocated, its size must be >= 'originalSize' bytes.
- @return : number of bytes read from source buffer (== compressed size).
- If the source stream is detected malformed, the function stops decoding and returns a negative result.
- note : This function requires uncompressed originalSize to be known in advance.
- The function never writes past the output buffer.
- However, since it doesn't know its 'src' size, it may read past the intended input.
- Also, because match offsets are not validated during decoding,
- reads from 'src' may underflow.
- Use this function in trusted environment **only**.
-
-</p></pre><BR>
-
<pre><b>int LZ4_decompress_safe_partial (const char* src, char* dst, int srcSize, int targetOutputSize, int dstCapacity);
</b><p> Decompress an LZ4 compressed block, of size 'srcSize' at position 'src',
into destination buffer 'dst' of size 'dstCapacity'.
@@ -258,7 +237,6 @@
</p></pre><BR>
<pre><b>int LZ4_decompress_safe_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* src, char* dst, int srcSize, int dstCapacity);
-int LZ4_decompress_fast_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* src, char* dst, int originalSize);
</b><p> These decoding functions allow decompression of consecutive blocks in "streaming" mode.
A block is an unsplittable entity, it must be presented entirely to a decompression function.
Decompression functions only accepts one block at a time.
@@ -285,7 +263,6 @@
</p></pre><BR>
<pre><b>int LZ4_decompress_safe_usingDict (const char* src, char* dst, int srcSize, int dstCapcity, const char* dictStart, int dictSize);
-int LZ4_decompress_fast_usingDict (const char* src, char* dst, int originalSize, const char* dictStart, int dictSize);
</b><p> These decoding functions work the same as
a combination of LZ4_setStreamDecode() followed by LZ4_decompress_*_continue()
They are stand-alone, and don't need an LZ4_streamDecode_t structure.
@@ -457,11 +434,47 @@
# define LZ4_DEPRECATED(message)
# endif
#endif </b>/* LZ4_DISABLE_DEPRECATE_WARNINGS */<b>
-</b><p> Should deprecation warnings be a problem,
- it is generally possible to disable them,
+</b><p>
+ Deprecated functions make the compiler generate a warning when invoked.
+ This is meant to invite users to update their source code.
+ Should deprecation warnings be a problem, it is generally possible to disable them,
typically with -Wno-deprecated-declarations for gcc
or _CRT_SECURE_NO_WARNINGS in Visual.
- Otherwise, it's also possible to define LZ4_DISABLE_DEPRECATE_WARNINGS
+
+ Another method is to define LZ4_DISABLE_DEPRECATE_WARNINGS
+ before including the header file.
+
+</p></pre><BR>
+
+<pre><b>LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe() instead") LZ4LIB_API
+int LZ4_decompress_fast (const char* src, char* dst, int originalSize);
+LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_continue() instead") LZ4LIB_API
+int LZ4_decompress_fast_continue (LZ4_streamDecode_t* LZ4_streamDecode, const char* src, char* dst, int originalSize);
+LZ4_DEPRECATED("This function is deprecated and unsafe. Consider using LZ4_decompress_safe_usingDict() instead") LZ4LIB_API
+int LZ4_decompress_fast_usingDict (const char* src, char* dst, int originalSize, const char* dictStart, int dictSize);
+</b><p> These functions used to be a bit faster than LZ4_decompress_safe(),
+ but situation has changed in recent versions.
+ Now, `LZ4_decompress_safe()` is as fast and sometimes even faster than `LZ4_decompress_fast()`.
+ Moreover, LZ4_decompress_safe() is protected vs malformed input, while `LZ4_decompress_fast()` is not, making it a security liability.
+ As a consequence, LZ4_decompress_fast() is strongly discouraged, and deprecated.
+
+ Last LZ4_decompress_fast() specificity is that it can decompress a block without knowing its compressed size.
+ Note that even that functionality could be achieved in a more secure manner if need be,
+ though it would require new prototypes, and adaptation of the implementation to this new use case.
+
+ Parameters:
+ originalSize : is the uncompressed size to regenerate.
+ `dst` must be already allocated, its size must be >= 'originalSize' bytes.
+ @return : number of bytes read from source buffer (== compressed size).
+ The function expects to finish at block's end exactly.
+ If the source stream is detected malformed, the function stops decoding and returns a negative result.
+ note : LZ4_decompress_fast*() requires originalSize. Thanks to this information, it never writes past the output buffer.
+ However, since it doesn't know its 'src' size, it may read an unknown amount of input, and overflow input buffer.
+ Also, since match offsets are not validated, match reads from 'src' may underflow.
+ These issues never happen if input data is correct.
+ But they may happen if input data is invalid (error or intentional tampering).
+ As a consequence, use these functions in trusted environments with trusted data **only**.
+
</p></pre><BR>
</html>
