Decompressors: validate match distance in decompress_unlzma.c
Validate the newly decoded distance (rep0) in process_bit1(). This is to detect corrupt LZMA data quickly. The old code can run for a long time producing garbage until it hits the end of the input.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Alain Knaff <alain@knaff.lu>
Cc: Albin Tonnerre <albin.tonnerre@free-electrons.com>
Cc: Phillip Lougher <phillip@lougher.demon.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 528941ca05
commit eb0cf3e19b
@ -522,6 +522,9 @@ static inline int INIT process_bit1(struct writer *wr, struct rc *rc,
cst->rep0 = pos_slot;
if (++(cst->rep0) == 0)
return 0;
if (cst->rep0 > wr->header->dict_size
|| cst->rep0 > get_pos(wr))
return -1;
}
len += LZMA_MATCH_MIN_LEN;
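Review bot: the bounds check that follows `if (++(cst->rep0) == 0)` has no comment, and its correctness depends on rep0 already being a 1-based distance at that point, so that `cst->rep0 == get_pos(wr)` (a match reaching back to the first output byte) is still valid and `>` is the right operator rather than `>=`. A one-line comment stating that would keep a later reader from "tightening" the comparison. The bare `return -1` also gives the caller no way to tell which of the two limits (`dict_size` or `get_pos(wr)`) was exceeded; if an error-reporting path is available in this function, a short message naming the failed limit would make corrupt-input reports easier to triage.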