From ecbc34d90b5457c9669ca2078e5acbc17422839e Mon Sep 17 00:00:00 2001
From: Lasse Collin
Date: Sat, 27 Apr 2024 14:33:38 +0300
Subject: [PATCH] liblzma: index_decoder: Fix missing initializations on LZMA_PROG_ERROR

If the arguments to lzma_index_decoder() or lzma_index_buffer_decode() were such that LZMA_PROG_ERROR was returned, the lzma_index **i argument wasn't touched even though the API docs say that *i = NULL is done if an error occurs. This obviously won't be done even now if i == NULL but otherwise it is best to do it due to the wording in the API docs.

In practice this matters very little: The problem can occur only if the functions are called with invalid arguments, that is, the calling application must already have a bug.

(cherry picked from commit 71eed2520e2eecae89bade9dceea16e56cfa2ea0)
(cherry picked from commit 214569ace8ebb34a853cdc958ac7117c8051fe03)
---
 src/liblzma/common/index_decoder.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/liblzma/common/index_decoder.c b/src/liblzma/common/index_decoder.c
index 868d3d27..c22645fe 100644
--- a/src/liblzma/common/index_decoder.c
+++ b/src/liblzma/common/index_decoder.c
@@ -303,6 +303,12 @@ index_decoder_init(lzma_next_coder *next, const lzma_allocator *allocator,
 extern LZMA_API(lzma_ret)
 lzma_index_decoder(lzma_stream *strm, lzma_index **i, uint64_t memlimit)
 {
+ // If i isn't NULL, *i must always be initialized due to
+ // the wording in the API docs. This way it is initialized
+ // if we return LZMA_PROG_ERROR due to strm == NULL.
+ if (i != NULL)
+ *i = NULL;
+
 lzma_next_strm_init(index_decoder_init, strm, i, memlimit);

 strm->internal->supported_actions[LZMA_RUN] = true;
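Review bot: The comment added above `lzma_next_strm_init` names `strm == NULL` as the only reason for the early store, but `i == NULL` is the other invalid argument the commit message discusses and nothing in this hunk rejects it; the `i != NULL` guard only avoids the dereference, so if `index_decoder_init` (outside the hunk) is what returns LZMA_PROG_ERROR for a NULL `i`, the comment should say so, e.g. `// A NULL i is rejected later by index_decoder_init; it cannot be cleared here.` Note also that `*i` is overwritten before any argument is validated, so a caller that passes a pointer to a live lzma_index loses that reference on every return path, including LZMA_PROG_ERROR; that appears to be what the API wording requires, but it is worth one sentence in the API doc if it is not already there. lzma_index_decoder's body continues past the end of the hunk.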
@@ -317,6 +323,11 @@ lzma_index_buffer_decode(lzma_index **i, uint64_t *memlimit, const lzma_allocator *allocator, const uint8_t *in, size_t *in_pos, size_t in_size)
 {
+ // If i isn't NULL, *i must always be initialized due to
+ // the wording in the API docs.
+ if (i != NULL)
+ *i = NULL;
+
 // Sanity checks
 if (i == NULL || memlimit == NULL || in == NULL || in_pos == NULL || *in_pos > in_size)
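Review bot: The new comment in lzma_index_buffer_decode stops at `the wording in the API docs.` and, unlike its twin in lzma_index_decoder, does not say which error path the early store is covering; the sanity-check return that starts at the bottom of the hunk is the LZMA_PROG_ERROR path it is there for, so the comment should name it: `// the wording in the API docs. This way it is initialized` / `// if the sanity checks below return LZMA_PROG_ERROR.` Because the store is deliberately placed before the `i == NULL` sanity check, the `i != NULL` guard is what keeps the NULL-argument case from dereferencing, and a reader may otherwise take the two NULL tests as redundant; a short why-comment on the guard, `// guard only; i == NULL is still rejected by the sanity checks`, would prevent that. The function's `extern LZMA_API(lzma_ret)` line precedes the hunk and the rest of its body follows it.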