From 9bc32f2d7dc05e3d6e8dc96e30858ea565730f8e Mon Sep 17 00:00:00 2001 From: Lasse Collin Date: Fri, 11 Nov 2011 14:32:03 +0100 Subject: [PATCH] Decompressors: fix header validation in unlzma.c From: Lasse Collin Validation of header.pos calls error() but doesn't make the function return to indicate an error to the caller. Instead the decoding is attempted with invalid header.pos. This fixes it. Signed-off-by: Lasse Collin Signed-off-by: Jan Beulich Acked-by: Keir Fraser Committed-by: Jan Beulich --- xen/common/unlzma.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xen/common/unlzma.c b/xen/common/unlzma.c index 7ecd161d56..eb3fbba826 100644 --- a/xen/common/unlzma.c +++ b/xen/common/unlzma.c @@ -568,8 +568,10 @@ STATIC int INIT unlzma(unsigned char *buf, unsigned int in_len, ((unsigned char *)&header)[i] = *rc.ptr++; } - if (header.pos >= (9 * 5 * 5)) + if (header.pos >= (9 * 5 * 5)) { error("bad header"); + goto exit_1; + } mi = 0; lc = header.pos; -- 2.30.2
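Review bot: the new `goto exit_1;` in the `if (header.pos >= (9 * 5 * 5))` branch only reports failure if the function's return variable still holds its error value when control reaches `exit_1`. Neither the label nor that initialisation is visible in this hunk. Please confirm that the success value is assigned only after decoding completes, and that `exit_1` releases only what has been allocated by this point in `unlzma()`. Since the commit message establishes that `error()` does not itself stop execution, the other `error()` call sites in this file deserve the same audit for a missing jump or return. Separately, the bound `9 * 5 * 5` is a bare expression: a short comment tying it to the values later derived from `header.pos` (starting with `lc = header.pos;`) would make the check easier to review.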