Decompressors: check for read errors in unlzma.c

From: Lasse Collin <lasse.collin@tukaani.org>

Return value of rc->fill() is checked in rc_read() and error() is called
when needed, but then the code continues as if nothing had happened.

rc_read() is a void function and it's on the top of performance critical
call stacks, so propagating the error code via return values doesn't sound
like the best fix.  It seems better to check rc->buffer_size (which holds
the return value of rc->fill()) in the main loop.  It does nothing bad
that the code runs a little with unknown data after a failed rc->fill().

This fixes an infinite loop in initramfs decompression if the
LZMA-compressed initramfs image is corrupt.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/common/unlzma.c b/xen/common/unlzma.c
index eb3fbba8263c5afbb3fadd6a05ed86eb1951ff0e..781982b524b9a13e4154bc4a9a12c65572cfe391 100644 (file)
--- a/xen/common/unlzma.c
+++ b/xen/common/unlzma.c
@@ -625,6 +625,8 @@ STATIC int INIT unlzma(unsigned char *buf, unsigned int in_len,
                        if (cst.rep0 == 0)
                                break;
                }
+               if (rc.buffer_size <= 0)
+                       goto exit_3;
        }
 
        if (posp)
@@ -632,6 +634,7 @@ STATIC int INIT unlzma(unsigned char *buf, unsigned int in_len,
        if (wr.flush)
                wr.flush(wr.buffer, wr.buffer_pos);
        ret = 0;
+exit_3:
        large_free(p);
 exit_2:
        if (!output)