authorJia Tan <jiat0218@gmail.com>2023-02-03 00:33:32 +0800
committerJia Tan <jiat0218@gmail.com>2023-02-03 21:43:01 +0800
commite970c28ac3cb2e8051925f81db2fe953664c2645 (patch)
tree2afa2216be4ed5fa52ca75f31d535d57d93d2983
parentTests: Create test_filter_str.c. (diff)
downloadxz-e970c28ac3cb2e8051925f81db2fe953664c2645.tar.xz
liblzma: Fix bug in lzma_str_from_filters() not checking filters[] length.
The bug is only a problem in applications that do not properly terminate the filters[] array with LZMA_VLI_UNKNOWN or have more than LZMA_FILTERS_MAX filters. This bug does not affect xz.
-rw-r--r--src/liblzma/common/string_conversion.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/liblzma/common/string_conversion.c b/src/liblzma/common/string_conversion.c
index d5e2cd77..0d09053f 100644
--- a/src/liblzma/common/string_conversion.c
+++ b/src/liblzma/common/string_conversion.c
@@ -1131,6 +1131,13 @@ lzma_str_from_filters(char **output_str, const lzma_filter *filters,
const char *opt_delim = (flags & LZMA_STR_GETOPT_LONG) ? "=" : ":";
for (size_t i = 0; filters[i].id != LZMA_VLI_UNKNOWN; ++i) {
+ // If we reach LZMA_FILTERS_MAX, then the filters array
+ // is too large since the ID cannot be LZMA_VLI_UNKNOWN here.
+ if (i == LZMA_FILTERS_MAX) {
+ str_free(&dest, allocator);
+ return LZMA_OPTIONS_ERROR;
+ }
+
// Don't add a space between filters if the caller
// doesn't want them.
if (i > 0 && !(flags & LZMA_STR_NO_SPACES))
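Review bot: The new `i == LZMA_FILTERS_MAX` check sits inside the loop body, so the loop condition has already read `filters[LZMA_FILTERS_MAX].id` by the time it fires; that read is in bounds only if the caller's array holds at least LZMA_FILTERS_MAX + 1 elements. An unterminated array shorter than that is still read past its end, and this check cannot detect it. The comment should state the size requirement, e.g. `// The loop condition has already read filters[LZMA_FILTERS_MAX].id, so the array must have room for LZMA_FILTERS_MAX + 1 elements.` A regression test that passes LZMA_FILTERS_MAX + 1 entries with no LZMA_VLI_UNKNOWN terminator and expects LZMA_OPTIONS_ERROR would pin the fix; whether the test file from the parent commit already covers this is not visible here. The body of lzma_str_from_filters() starts and ends outside the hunk.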