Issue 400: Crash reading malformed compress (.Z) input

The KwKwK case can never validly appear as the first token
after a reset.

Thanks to the afl-gcc folks for finding this.

diff --git a/libarchive/archive_read_support_filter_compress.c b/libarchive/archive_read_support_filter_compress.c
index 3f5d1f37eab3cec13bc4fb0aea3d1477ddb6edde..832771f8dc74cf8bac71c99bc0ba2cf3052c8d5c 100644 (file)
--- a/libarchive/archive_read_support_filter_compress.c
+++ b/libarchive/archive_read_support_filter_compress.c
@@ -368,7 +368,8 @@ next_code(struct archive_read_filter *self)
                return (next_code(self));
        }
 
-       if (code > state->free_ent) {
+       if (code > state->free_ent
+           || (code == state->free_ent && state->oldcode < 0)) {
                /* An invalid code is a fatal error. */
                archive_set_error(&(self->archive->archive), -1,
                    "Invalid compressed data");