unlzma: fix a case where we could read before beginning of buffer

Testcase:

  21 01 01 00 00 00 00 00 e7 01 01 01 ef 00 df b6
  00 17 02 10 11 0f ff 00 16 00 00

Unfortunately, the bug is not reliably causing a segfault,
the behavior depends on what's in memory before the buffer.

function                                             old     new   delta
unpack_lzma_stream                                  2762    2768      +6

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

2 files changed, 13 insertions, 4 deletions

diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests
index 0e98afe09..fcc6e9441 100755
--- a/testsuite/unlzma.tests
+++ b/testsuite/unlzma.tests
@@ -8,14 +8,23 @@
 
 # Damaged encrypted streams
 testing "unlzma (bad archive 1)" \
-        "unlzma <unlzma_issue_1.lzma >/dev/null; echo \$?" \
-"1
+        "unlzma <unlzma_issue_1.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
 " "" ""
 
 # Damaged encrypted streams
 testing "unlzma (bad archive 2)" \
-        "unlzma <unlzma_issue_2.lzma >/dev/null; echo \$?" \
-"1
+        "unlzma <unlzma_issue_2.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
+" "" ""
+
+# Damaged encrypted streams
+testing "unlzma (bad archive 3)" \
+        "unlzma <unlzma_issue_3.lzma 2>&1 >/dev/null; echo \$?" \
+"unlzma: corrupted data
+1
 " "" ""
 
 exit $FAILCOUNT
diff --git a/testsuite/unlzma_issue_3.lzma b/testsuite/unlzma_issue_3.lzma
new file mode 100644
index 000000000..cc60f29e4
--- /dev/null
+++ b/testsuite/unlzma_issue_3.lzma