From db465419ae26ec7fb9b9472183911ff521620c77 Mon Sep 17 00:00:00 2001 From: Lasse Collin Date: Sun, 17 Jan 2021 19:20:50 +0200 Subject: [PATCH] liblzma: In EROFS LZMA decoder, verify that comp_size matches at the end. When the uncompressed size is known to be exact, after decompressing the stream exactly comp_size bytes of input must have been consumed. This is a minor improvement to error detection. --- src/liblzma/common/erofs_decoder.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/liblzma/common/erofs_decoder.c b/src/liblzma/common/erofs_decoder.c index 816e2482..9264adda 100644 --- a/src/liblzma/common/erofs_decoder.c +++ b/src/liblzma/common/erofs_decoder.c @@ -132,7 +132,12 @@ erofs_decode(void *coder_ptr, const lzma_allocator *allocator, assert(coder->comp_size >= *in_pos - in_start); coder->comp_size -= *in_pos - in_start; - if (!coder->uncomp_size_is_exact) { + if (coder->uncomp_size_is_exact) { + // After successful decompression of the complete stream + // the compressed size must match. + if (ret == LZMA_STREAM_END && coder->comp_size != 0) + ret = LZMA_DATA_ERROR; + } else { // Update the amount of output remaining. assert(coder->uncomp_size >= *out_pos - out_start); coder->uncomp_size -= *out_pos - out_start;