From 4b15f5272371af4a334ce521d1cff06ca915cb8c Mon Sep 17 00:00:00 2001
From: Nick Terrell
Date: Fri, 6 Mar 2026 13:28:45 -0800
Subject: [PATCH] Fuzzer fixes in ROLZ
Summary: Two fixes in dev & release ROLZ
Differential Revision: D95604468
---
 src/openzl/codecs/rolz/decode_experimental_dec.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/openzl/codecs/rolz/decode_experimental_dec.c b/src/openzl/codecs/rolz/decode_experimental_dec.c
index d9728130b..fa09c1e32 100644
--- a/src/openzl/codecs/rolz/decode_experimental_dec.c
+++ b/src/openzl/codecs/rolz/decode_experimental_dec.c
@@ -539,6 +539,9 @@ ZL_FORCE_INLINE size_t ZS_execExperimentalSequence(
 ZL_ASSERT_GE(match, ostart);
 ZL_ASSERT_LT(match, op);
+ if (op + matchLength > oend) {
+ return 0;
+ }
 for (size_t i = 0; i < matchLength; ++i) {
 op[i] = match[i];
 }
@@ -610,6 +613,13 @@ static ZL_Report ZS_experimentalDecoder_decompress(
 rolzContextLog,
 0,
 "contextLog must be greater than 0");
+ ZL_RET_R_IF_EQ(
+ node_invalid_input, rolzRowLog, 0, "rowLog must be greater than 0");
+ ZL_RET_R_IF_GT(
+ node_invalid_input,
+ rolzContextLog + rolzRowLog,
+ 27,
+ "contextLog + rowLog exceeds maximum");
 ZL_RET_R_IF_GE(GENERIC, numSequences, (1 << 30), "too many sequences");
 ZL_RET_R_IF_GE(GENERIC, numLiterals, (1 << 30), "too many literals");
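Review bot: The added guard `if (op + matchLength > oend)` forms the pointer `op + matchLength` before comparing it. With a `matchLength` that presumably comes from the compressed input, that pointer can lie more than one past the end of the output buffer, which is undefined behaviour and may wrap or let the compiler drop the test. Comparing lengths avoids the out-of-range pointer: `if (matchLength > (size_t)(oend - op)) {`. The `match >= ostart` and `match < op` conditions just above are assertions only, so it is worth confirming that release builds reject a bad offset before this copy runs. The use of 0 as the failure return should be stated in the function's header comment; the body of ZS_execExperimentalSequence starts and ends outside the hunk.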
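Review bot: The new limit in ZS_experimentalDecoder_decompress bounds only the sum `rolzContextLog + rolzRowLog`. If both are wide unsigned values read from the frame with no individual upper bound (their declarations and any earlier checks are outside the hunk), a very large value could wrap the sum back under 27. Bounding one operand first closes that gap, e.g. `ZL_RET_R_IF_GT(node_invalid_input, rolzContextLog, 27, "contextLog exceeds maximum");` placed ahead of the sum check. The literal 27 would also read better as a named constant with a comment saying which table size or shift width it protects, since the reason for the limit is not visible at this call site.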