From: Lasse Collin <lasse.collin@tukaani.org>
Date: Thu, 8 Dec 2022 15:30:09 +0000 (+0200)
Subject: liblzma: Check for unexpected NULL pointers in block_header_decode().
X-Git-Tag: v5.2.10~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7623b22d1d59c78033425a2448613837bcd203a2;p=thirdparty%2Fxz.git

liblzma: Check for unexpected NULL pointers in block_header_decode().

The API docs gave an impression that such checks are done
but they actually weren't done. In practice it made little
difference since the calling code has a bug if these are NULL.

Thanks to Jia Tan for the original patch that checked for
block->filters == NULL.
---

diff --git a/src/liblzma/common/block_header_decoder.c b/src/liblzma/common/block_header_decoder.c
index 2e1135dd..060479b4 100644
--- a/src/liblzma/common/block_header_decoder.c
+++ b/src/liblzma/common/block_header_decoder.c
@@ -39,6 +39,10 @@ lzma_block_header_decode(lzma_block *block,
 	// are invalid or over 63 bits, or if the header is too small
 	// to contain the claimed information.
 
+	// Catch unexpected NULL pointers.
+	if (block == NULL || block->filters == NULL || in == NULL)
+		return LZMA_PROG_ERROR;
+
 	// Initialize the filter options array. This way the caller can
 	// safely free() the options even if an error occurs in this function.
 	for (size_t i = 0; i <= LZMA_FILTERS_MAX; ++i) {