diff options
author | Jia Tan <jiat0218@gmail.com> | 2023-02-03 00:33:32 +0800 |
---|---|---|
committer | Jia Tan <jiat0218@gmail.com> | 2023-02-03 00:42:27 +0800 |
commit | 2c78a83c6faec70154d9eb78022a618ed62cdcb3 (patch) | |
tree | 07731a33bd41c1b5a970a82ef40891d15dd73cfc /src/liblzma | |
parent | Tests: Create test_filter_str.c. (diff) | |
download | xz-2c78a83c6faec70154d9eb78022a618ed62cdcb3.tar.xz |
liblzma: Fix bug in lzma_str_from_filters() not checking filters[] length.
The bug is only a problem in applications that do not properly terminate
the filters[] array with LZMA_VLI_UNKNOWN or have more than
LZMA_FILTERS_MAX filters. This bug does not affect xz.
Diffstat (limited to 'src/liblzma')
-rw-r--r-- | src/liblzma/common/string_conversion.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/liblzma/common/string_conversion.c b/src/liblzma/common/string_conversion.c index d5e2cd77..0d09053f 100644 --- a/src/liblzma/common/string_conversion.c +++ b/src/liblzma/common/string_conversion.c @@ -1131,6 +1131,13 @@ lzma_str_from_filters(char **output_str, const lzma_filter *filters, const char *opt_delim = (flags & LZMA_STR_GETOPT_LONG) ? "=" : ":"; for (size_t i = 0; filters[i].id != LZMA_VLI_UNKNOWN; ++i) { + // If we reach LZMA_FILTERS_MAX, then the filters array + // is too large since the ID cannot be LZMA_VLI_UNKNOWN here. + if (i == LZMA_FILTERS_MAX) { + str_free(&dest, allocator); + return LZMA_OPTIONS_ERROR; + } + // Don't add a space between filters if the caller // doesn't want them. if (i > 0 && !(flags & LZMA_STR_NO_SPACES)) |