authorDenys Vlasenko <vda.linux@googlemail.com>2017-01-09 13:55:11 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2017-01-09 14:02:55 +0100
commit3989e5adf454a3ab98412b249c2c9bd2a3175ae0 (patch)
tree8361ddd5dd5e4d35067ab4166f63aa482fece476
parent8c1d857d2582c689681c7e6d3dc299613b4a7167 (diff)
unlzma: fix erroneous "while" instead of "if". Closes 4682
These parts of the code essentially check whether stepping back by rep0 goes negative or not.

LZMA SDK from lzma1604.7z has the following in the corresponding places:

    ... = dic[dicPos - rep0 + (dicPos < rep0 ? dicBufSize : 0)]

Clearly, not a loop here.

Technically, "while" here works: if condition is false (because pos underflowed), it iterates once, adds header.dict_size (a.k.a. dicBufSize), this makes pos positive but smaller than header.dict_size, and loop exits.

Now we'll just check for negative result of subtraction, which is less code:

function old new delta
unpack_lzma_stream 2659 2641 -18

(I hope 2 Gbyte+ dictionaries won't be in use soon).

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--archival/libarchive/decompress_unlzma.c13
1 files changed, 8 insertions, 5 deletions
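diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index c8622f97b..90a428583 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -278,9 +278,10 @@ unpack_lzma_stream(transformer_state_t *xstate)
 
 if (state >= LZMA_NUM_LIT_STATES) {
 int match_byte;
-uint32_t pos = buffer_pos - rep0;
+uint32_t pos;
 
-while (pos >= header.dict_size)
+pos = buffer_pos - rep0;
+if ((int32_t)pos < 0)
 pos += header.dict_size;
 match_byte = buffer[pos];
 do {
@@ -336,9 +337,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
 );
 if (!rc_is_bit_1(rc, prob2)) {
 #if ENABLE_FEATURE_LZMA_FAST
-uint32_t pos = buffer_pos - rep0;
+uint32_t pos;
 state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
-while (pos >= header.dict_size)
+
+pos = buffer_pos - rep0;
+if ((int32_t)pos < 0)
 pos += header.dict_size;
 previous_byte = buffer[pos];
 goto one_byte1;
@@ -432,7 +435,7 @@ unpack_lzma_stream(transformer_state_t *xstate)
 IF_NOT_FEATURE_LZMA_FAST(string:)
 do {
 uint32_t pos = buffer_pos - rep0;
-while (pos >= header.dict_size)
+if ((int32_t)pos < 0)
 pos += header.dict_size;
 previous_byte = buffer[pos];
 IF_NOT_FEATURE_LZMA_FAST(one_byte2:)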
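Review bot: In all three hunks (new lines 283-286, 343-346 and 437-440) nothing guarantees any longer that `pos` is below `header.dict_size` when `buffer[pos]` is read. The old `while` kept adding until the wrapped value was in range, whereas the single `if ((int32_t)pos < 0)` adjusts at most once and does nothing when the subtraction yields a large positive value. `rep0` appears to be decoded from the compressed stream, so a malformed archive could leave `pos` outside the dictionary buffer and cause an out-of-bounds read. I would add a bound check right after the adjustment, e.g. `if (pos >= header.dict_size) goto <error-exit>;` (the label is a placeholder, the function's error path is not visible here), and a comment that the signed cast assumes dictionaries smaller than 2 GiB. `unpack_lzma_stream` starts and ends outside these hunks, so the allocated size of `buffer` and any earlier validation of `rep0` should be confirmed against the full function.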