Fixed a crash in liblzma.

liblzma tries to avoid useless free()/malloc() pairs in initialization when multiple files are handled using the same lzma_stream. This didn't work with filter chains due to comparison of wrong pointers in lzma_next_coder_init(), making liblzma think that no memory reallocation is needed even when it actually is. Easy way to trigger this bug is to decompress two files with a single xz command. The first file should have e.g. x86+LZMA2 as the filter chain, and the second file just LZMA2.
author: Lasse Collin <lasse.collin@tukaani.org> 2009-04-28 23:08:32 +0300
committer: Lasse Collin <lasse.collin@tukaani.org> 2009-04-28 23:08:32 +0300
commit: 21c6b94373d239d7e86bd480fcd558e30391712f (patch)
tree: 072a944fecdd87fcd25a80a723d8b1d220d2f642 /src/liblzma/common/common.h
parent: Fix uint32_t -> size_t in ARM and ARM-Thumb filters. (diff)
download: xz-21c6b94373d239d7e86bd480fcd558e30391712f.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/liblzma/common/common.h b/src/liblzma/common/common.h
index ca75d506..de252604 100644
--- a/src/liblzma/common/common.h
+++ b/src/liblzma/common/common.h
@@ -240,9 +240,9 @@ do { \
 /// next->init to func is still OK.
 #define lzma_next_coder_init(func, next, allocator) \
 do { \
-	if ((uintptr_t)(&func) != (next)->init) \
+	if ((uintptr_t)(func) != (next)->init) \
 		lzma_next_end(next, allocator); \
-	(next)->init = (uintptr_t)(&func); \
+	(next)->init = (uintptr_t)(func); \
 } while (0)
author	Lasse Collin <lasse.collin@tukaani.org>	2009-04-28 23:08:32 +0300
committer	Lasse Collin <lasse.collin@tukaani.org>	2009-04-28 23:08:32 +0300
commit	21c6b94373d239d7e86bd480fcd558e30391712f (patch)
tree	072a944fecdd87fcd25a80a723d8b1d220d2f642 /src/liblzma/common/common.h
parent	Fix uint32_t -> size_t in ARM and ARM-Thumb filters. (diff)
download	xz-21c6b94373d239d7e86bd480fcd558e30391712f.tar.xz