From ff7fb2c605bccc411069e07b9f11fb957aea2ddf Mon Sep 17 00:00:00 2001
From: Lasse Collin <lasse.collin@tukaani.org>
Date: Mon, 15 Dec 2008 10:01:59 +0200
Subject: Fix data corruption in LZMA2 decoder.

---
 src/liblzma/lz/lz_decoder.c | 17 ++++++++++++++++-
 src/liblzma/lz/lz_decoder.h |  8 +++++---
 2 files changed, 21 insertions(+), 4 deletions(-)

(limited to 'src/liblzma/lz')

diff --git a/src/liblzma/lz/lz_decoder.c b/src/liblzma/lz/lz_decoder.c
index d4bd59f2..ce3d50d1 100644
--- a/src/liblzma/lz/lz_decoder.c
+++ b/src/liblzma/lz/lz_decoder.c
@@ -58,6 +58,17 @@ struct lzma_coder_s {
 };
 
 
+static void
+lz_decoder_reset(lzma_coder *coder)
+{
+	coder->dict.pos = 0;
+	coder->dict.full = 0;
+	coder->dict.buf[coder->dict.size - 1] = '\0';
+	coder->dict.need_reset = false;
+	return;
+}
+
+
 static lzma_ret
 decode_buffer(lzma_coder *coder,
 		const uint8_t *restrict in, size_t *restrict in_pos,
@@ -93,6 +104,10 @@ decode_buffer(lzma_coder *coder,
 				copy_size);
 		*out_pos += copy_size;
 
+		// Reset the dictionary if so requested by process().
+		if (coder->dict.need_reset)
+			lz_decoder_reset(coder);
+
 		// Return if everything got decoded or an error occurred, or
 		// if there's no more data to decode.
 		if (ret != LZMA_OK || *out_pos == out_size
@@ -235,7 +250,7 @@ lzma_lz_decoder_init(lzma_next_coder *next, lzma_allocator *allocator,
 		next->coder->dict.size = dict_size;
 	}
 
-	dict_reset(&next->coder->dict);
+	lz_decoder_reset(next->coder);
 
 	// Miscellaneous initializations
 	next->coder->next_finished = false;
diff --git a/src/liblzma/lz/lz_decoder.h b/src/liblzma/lz/lz_decoder.h
index 53ee1c1e..5ac44057 100644
--- a/src/liblzma/lz/lz_decoder.h
+++ b/src/liblzma/lz/lz_decoder.h
@@ -45,6 +45,9 @@ typedef struct {
 	/// Size of the dictionary
 	size_t size;
 
+	/// True when dictionary should be reset before decoding more data.
+	bool need_reset;
+
 } lzma_dict;
 
 
@@ -224,9 +227,8 @@ dict_write(lzma_dict *restrict dict, const uint8_t *restrict in,
 static inline void
 dict_reset(lzma_dict *dict)
 {
-	dict->pos = 0;
-	dict->full = 0;
-	dict->buf[dict->size - 1] = '\0';
+	dict->need_reset = true;
+	return;
 }
 
 #endif
-- 
cgit v1.2.3