From 75107217670a97b7b772833669d88c3c2f188e37 Mon Sep 17 00:00:00 2001 From: Lasse Collin Date: Sun, 5 Jan 2025 12:10:05 +0200 Subject: [PATCH] liblzma: Always validate the first digit of a preset string lzma_str_to_filters() may call parse_lzma12_preset() in two ways. The call from str_to_filters() detects the string type from the first character(s) and as a side-effect it validates the first digit of the preset string. So this change makes no difference there. However, the call from parse_options() doesn't pre-validate the string. parse_lzma12_preset() will return an invalid value which is passed to lzma_lzma_preset() which safely rejects it. The bug still affects the the error message: $ xz --filters=lzma2:preset=X xz: Error in --filters=FILTERS option: xz: lzma2:preset=X xz: ^ xz: Unsupported preset After the fix: $ xz --filters=lzma2:preset=X xz: Error in --filters=FILTERS option: xz: lzma2:preset=X xz: ^ xz: Unsupported preset The ^ now correctly points to the X and not past it because the X itself is the problematic character. Fixes: cedeeca2ea6ada5b0411b2ae10d7a859e837f203 --- src/liblzma/common/string_conversion.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/liblzma/common/string_conversion.c b/src/liblzma/common/string_conversion.c index c899783c..3a08486a 100644 --- a/src/liblzma/common/string_conversion.c +++ b/src/liblzma/common/string_conversion.c @@ -317,6 +317,10 @@ parse_lzma12_preset(const char **const str, const char *str_end, uint32_t *preset) { assert(*str < str_end); + + if (!(**str >= '0' && **str <= '9')) + return "Unsupported preset"; + *preset = (uint32_t)(**str - '0'); // NOTE: Remember to update LZMA12_PRESET_STR if this is modified!