d6
/
xz-analysis-mirror
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

liblzma: Fix bug in lzma_str_from_filters() not checking filters[] length. 

The bug is only a problem in applications that do not properly terminate
the filters[] array with LZMA_VLI_UNKNOWN or have more than
LZMA_FILTERS_MAX filters. This bug does not affect xz.
This commit is contained in:
Jia Tan 2023-02-03 00:33:32 +08:00
parent e01f01b9af
commit 2c78a83c6f
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/liblzma/common/string_conversion.c
View File

@ -1131,6 +1131,13 @@ lzma_str_from_filters(char **output_str, const lzma_filter *filters,
const char *opt_delim = (flags & LZMA_STR_GETOPT_LONG) ? "=" : ":";
for (size_t i = 0; filters[i].id != LZMA_VLI_UNKNOWN; ++i) {
// If we reach LZMA_FILTERS_MAX, then the filters array
// is too large since the ID cannot be LZMA_VLI_UNKNOWN here.
if (i == LZMA_FILTERS_MAX) {
str_free(&dest, allocator);
return LZMA_OPTIONS_ERROR;
}
// Don't add a space between filters if the caller
// doesn't want them.
if (i > 0 && !(flags & LZMA_STR_NO_SPACES))