From: Tim Kientzle <kientzle@acm.org>
Date: Sat, 7 Feb 2015 07:39:33 +0000 (-0800)
Subject: Issue 400: Crash reading malformed compress (.Z) input
X-Git-Tag: v3.1.900a~141
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78e5fd4e8756b6c23c310d7c11722f663383b39c;p=thirdparty%2Flibarchive.git

Issue 400: Crash reading malformed compress (.Z) input

The KwKwK case can never validly appear as the first token
after a reset.

Thanks to the afl-gcc folks for finding this.
---

diff --git a/libarchive/archive_read_support_filter_compress.c b/libarchive/archive_read_support_filter_compress.c
index 3f5d1f37e..832771f8d 100644
--- a/libarchive/archive_read_support_filter_compress.c
+++ b/libarchive/archive_read_support_filter_compress.c
@@ -368,7 +368,8 @@ next_code(struct archive_read_filter *self)
 		return (next_code(self));
 	}
 
-	if (code > state->free_ent) {
+	if (code > state->free_ent
+	    || (code == state->free_ent && state->oldcode < 0)) {
 		/* An invalid code is a fatal error. */
 		archive_set_error(&(self->archive->archive), -1,
 		    "Invalid compressed data");