debian/patches/0019-Fix-a-bug-loading-some-compressed-files.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

From: Mike Alexander <mta@umich.edu>
Date: Thu, 28 Nov 2013 23:21:23 +0800
Subject: Fix a bug loading some compressed files

For https://bugzilla.gnome.org/show_bug.cgi?id=712528
Related to https://bugzilla.redhat.com/show_bug.cgi?id=877567

There is a bug in xzlib.c which causes certain compressed XML files to fail to
load correctly.  The code in xz_decomp which attempts to verify the checksum
and length of the expanded data fails if the checksum or length at the end of
the file crosses a 1024 byte boundary.  It calls gz_next4 to get those two
values.  This function uses the stream state in state->zstrm, but calls
xz_avail which uses the state->strm stream info.  This causes gz_next4 to
signal a premature EOF if the data it is fetching crosses a 1024 byte boundary.
---
 xzlib.c |   26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/xzlib.c b/xzlib.c
index 928bd17..cd045fa 100644
--- a/xzlib.c
+++ b/xzlib.c
@@ -245,6 +245,20 @@ xz_avail(xz_statep state)
     return 0;
 }
 
+#ifdef HAVE_ZLIB_H
+static int
+xz_avail_zstrm(xz_statep state)
+{
+    int ret;
+    state->strm.avail_in = state->zstrm.avail_in;
+    state->strm.next_in = state->zstrm.next_in;
+    ret = xz_avail(state);
+    state->zstrm.avail_in = (uInt) state->strm.avail_in;
+    state->zstrm.next_in = (Bytef *) state->strm.next_in;
+    return ret;
+}
+#endif
+
 static int
 is_format_xz(xz_statep state)
 {
@@ -314,6 +328,10 @@ is_format_lzma(xz_statep state)
 #define NEXT() ((strm->avail_in == 0 && xz_avail(state) == -1) ? -1 : \
                 (strm->avail_in == 0 ? -1 : \
                  (strm->avail_in--, *(strm->next_in)++)))
+/* Same thing, but from zstrm */
+#define NEXTZ() ((strm->avail_in == 0 && xz_avail_zstrm(state) == -1) ? -1 : \
+                (strm->avail_in == 0 ? -1 : \
+                 (strm->avail_in--, *(strm->next_in)++)))
 
 /* Get a four-byte little-endian integer and return 0 on success and the value
    in *ret.  Otherwise -1 is returned and *ret is not modified. */
@@ -324,10 +342,10 @@ gz_next4(xz_statep state, unsigned long *ret)
     unsigned long val;
     z_streamp strm = &(state->zstrm);
 
-    val = NEXT();
-    val += (unsigned) NEXT() << 8;
-    val += (unsigned long) NEXT() << 16;
-    ch = NEXT();
+    val = NEXTZ();
+    val += (unsigned) NEXTZ() << 8;
+    val += (unsigned long) NEXTZ() << 16;
+    ch = NEXTZ();
     if (ch == -1)
         return -1;
     val += (unsigned long) ch << 24;