fixing potential OOB window write when unpacking chm files

npt-1707 2025-04-21 23:21:26 +08:00
parent 3d30b2eec3
commit 02da552981
1 changed files with 8 additions and 2 deletions


@ -781,6 +781,10 @@ int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) {
case LZX_BLOCKTYPE_UNCOMPRESSED:
/* as this_run is limited not to wrap a frame, this also means it
* won't wrap the window (as the window is a multiple of 32k) */
if (window_posn + this_run > lzx->window_size) {
D(("match ran over window boundary"))
return lzx->error = MSPACK_ERR_DECRUNCH;
}
rundest = &window[window_posn];
window_posn += this_run;
while (this_run > 0) {
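Review bot: The new check `window_posn + this_run > lzx->window_size` sits directly under a comment stating that this_run cannot wrap the window, so the comment and the code now contradict each other. The comment should say the invariant is expected but re-checked, presumably because the sizes are derived from the archive being unpacked. The debug text `"match ran over window boundary"` is wording for a match copy and will mislead anyone triaging a malformed uncompressed block; `D(("uncompressed run exceeds window size"))` would be clearer. The declarations of window_posn and this_run are outside the hunk; if their sum can wrap in that type, comparing this_run against the remaining space (`lzx->window_size - window_posn`) avoids it. The body of lzxd_decompress starts and continues outside the hunk.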
@ -903,7 +907,9 @@ void lzxd_free(struct lzxd_stream *lzx) {
struct mspack_system *sys;
if (lzx) {
sys = lzx->sys;
if(lzx->inbuf)
sys->free(lzx->inbuf);
if(lzx->window)
sys->free(lzx->window);
sys->free(lzx);
}
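Review bot: The two new guards in lzxd_free are written as `if(lzx->inbuf)` with the call on the following line and no braces, unlike the braced `if (lzx) {` just above them. Writing them as `if (lzx->inbuf) { sys->free(lzx->inbuf); }` matches the surrounding style and keeps a later added statement from escaping the condition. The hunk does not show which path hands lzxd_free a stream whose inbuf or window is NULL, so a short comment such as `/* inbuf/window may be NULL if setup failed part-way */` would record why the checks exist, once confirmed against the init code. The closing brace of lzxd_free is outside the hunk.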