author | Jia Tan <jiat0218@gmail.com> | 2023-02-03 00:33:32 +0800 |
---|---|---|
committer | Jia Tan <jiat0218@gmail.com> | 2023-02-03 21:43:01 +0800 |
commit | e970c28ac3cb2e8051925f81db2fe953664c2645 (patch) | |
tree | 2afa2216be4ed5fa52ca75f31d535d57d93d2983 | |
parent | Tests: Create test_filter_str.c. (diff) | |
liblzma: Fix bug in lzma_str_from_filters() not checking filters[] length.
The bug is only a problem in applications that do not properly terminate
the filters[] array with LZMA_VLI_UNKNOWN or have more than
LZMA_FILTERS_MAX filters. This bug does not affect xz.
-rw-r--r-- | src/liblzma/common/string_conversion.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/liblzma/common/string_conversion.c b/src/liblzma/common/string_conversion.c
index d5e2cd77..0d09053f 100644
--- a/src/liblzma/common/string_conversion.c
+++ b/src/liblzma/common/string_conversion.c
@@ -1131,6 +1131,13 @@ lzma_str_from_filters(char **output_str, const lzma_filter *filters,
 const char *opt_delim = (flags & LZMA_STR_GETOPT_LONG) ? "=" : ":";
 for (size_t i = 0; filters[i].id != LZMA_VLI_UNKNOWN; ++i) {
+ // If we reach LZMA_FILTERS_MAX, then the filters array
+ // is too large since the ID cannot be LZMA_VLI_UNKNOWN here.
+ if (i == LZMA_FILTERS_MAX) {
+ str_free(&dest, allocator);
+ return LZMA_OPTIONS_ERROR;
+ }
+
 // Don't add a space between filters if the caller
 // doesn't want them.
 if (i > 0 && !(flags & LZMA_STR_NO_SPACES)) |
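Review bot: The new bound check sits inside the loop body, so the loop condition has already read `filters[LZMA_FILTERS_MAX].id` by the time the chain is rejected. The guard therefore only protects callers whose array holds at least LZMA_FILTERS_MAX + 1 elements; an unterminated array of exactly LZMA_FILTERS_MAX elements is still read one element past its end. That read looks unavoidable if full-length, correctly terminated chains are to be accepted, so I would state the requirement in the comment, for example `// filters[LZMA_FILTERS_MAX] has already been read by the loop condition, so the caller's array must have room for LZMA_FILTERS_MAX + 1 entries.` The new LZMA_OPTIONS_ERROR return presumably also belongs in the function's API documentation, which is not visible here. The body of lzma_str_from_filters() starts and ends outside this hunk.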