From 21c6b94373d239d7e86bd480fcd558e30391712f Mon Sep 17 00:00:00 2001
From: Lasse Collin
Date: Tue, 28 Apr 2009 23:08:32 +0300
Subject: Fixed a crash in liblzma. liblzma tries to avoid useless free()/malloc() pairs in initialization when multiple files are handled using the same lzma_stream. This didn't work with filter chains due to comparison of wrong pointers in lzma_next_coder_init(), making liblzma think that no memory reallocation is needed even when it actually is. Easy way to trigger this bug is to decompress two files with a single xz command. The first file should have e.g. x86+LZMA2 as the filter chain, and the second file just LZMA2.
---
 src/liblzma/common/block_decoder.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/liblzma/common/block_decoder.c')
diff --git a/src/liblzma/common/block_decoder.c b/src/liblzma/common/block_decoder.c
index 8c174a80..9b998e63 100644
--- a/src/liblzma/common/block_decoder.c
+++ b/src/liblzma/common/block_decoder.c
@@ -186,7 +186,7 @@ extern lzma_ret lzma_block_decoder_init(lzma_next_coder *next, lzma_allocator *allocator, lzma_block *block) {
- lzma_next_coder_init(lzma_block_decoder_init, next, allocator);
+ lzma_next_coder_init(&lzma_block_decoder_init, next, allocator);
 // Validate the options. lzma_block_unpadded_size() does that for us
 // except for Uncompressed Size and filters. Filters are validated
-- cgit v1.2.3
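Review bot: The changed call now passes `&lzma_block_decoder_init`, but nothing at the call site explains why the spelling of this argument matters; for an ordinary function call both forms yield the same pointer, so the fix presumably depends on how lzma_next_coder_init (not shown here, likely a macro in a common header) compares its first argument with the stored init pointer. The commit message ties the wrong comparison to a skipped reallocation when one lzma_stream is reused across different filter chains, so a wrong spelling in another initializer would probably bring back the stale-state crash without any compiler diagnostic. I would add a comment above the call, for example `// Pass the address of this init function: lzma_next_coder_init() compares it with next->init to decide whether the old coder must be freed.`, and check the remaining callers for the same form. This view is limited to block_decoder.c and the body of lzma_block_decoder_init continues past the hunk, so the rest of the change could not be checked here.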