• Lasse Collin's avatar
    XZ: Fix incorrect XZ_BUF_ERROR · 9c1f8594
    Lasse Collin authored
    xz_dec_run() could incorrectly return XZ_BUF_ERROR if all of the
    following was true:
    
     - The caller knows how many bytes of output to expect and only provides
       that much output space.
    
     - When the last output bytes are decoded, the caller-provided input
       buffer ends right before the LZMA2 end of payload marker.  So LZMA2
       won't provide more output anymore, but it won't know it yet and thus
       won't return XZ_STREAM_END yet.
    
     - A BCJ filter is in use and it hasn't left any unfiltered bytes in the
       temp buffer.  This can happen with any BCJ filter, but in practice
       it's more likely with filters other than the x86 BCJ.
    
    This fixes <https://bugzilla.redhat.com/show_bug.cgi?id=735408> where
    Squashfs thinks that a valid file system is corrupt.
    
    This also fixes a similar bug in single-call mode where the uncompressed
    size of a block using BCJ + LZMA2 was 0 bytes and caller provided no
    output space.  Many empty .xz files don't contain any blocks and thus
    don't trigger this bug.
    
    This also tweaks a closely related detail: xz_dec_bcj_run() could call
    xz_dec_lzma2_run() to decode into temp buffer when it was known to be
    useless.  This was harmless although it wasted a minuscule number of CPU
    cycles.
    Signed-off-by: 's avatarLasse Collin <lasse.collin@tukaani.org>
    Cc: stable <stable@kernel.org>
    Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
    9c1f8594
xz_dec_bcj.c 13.6 KB