From: Lasse Collin <[email protected]>

s->dict.allocated was initialized to 0 but never set after a successful
allocation, thus the code always thought that the dictionary buffer has
to be reallocated.

Signed-off-by: Lasse Collin <[email protected]>
Reported-by: Yu Sun <[email protected]>
---
diff -Nrup linux-5.3-vanilla/lib/xz/xz_dec_lzma2.c linux-5.3/lib/xz/xz_dec_lzma2.c
--- linux-5.3-vanilla/lib/xz/xz_dec_lzma2.c 2019-09-16 00:19:32.000000000 +0300
+++ linux-5.3/lib/xz/xz_dec_lzma2.c 2019-10-30 20:33:15.460857851 +0200
@@ -1146,6 +1146,7 @@ XZ_EXTERN enum xz_ret xz_dec_lzma2_reset
if (DEC_IS_DYNALLOC(s->dict.mode)) {
if (s->dict.allocated < s->dict.size) {
+ s->dict.allocated = s->dict.size;
vfree(s->dict.buf);
s->dict.buf = vmalloc(s->dict.size);
if (s->dict.buf == NULL) {
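
Review bot: `s->dict.allocated = s->dict.size;` is assigned before the `vmalloc()` result has been checked, so on the `s->dict.buf == NULL` path the state records a full-size dictionary while `buf` is NULL. The body of that error branch is not visible in this hunk; if it does not already reset `s->dict.allocated` to 0, a later call to xz_dec_lzma2_reset with the same or a smaller `dict.size` would pass over the `allocated < size` test and continue with a NULL buffer. Either confirm the error branch clears the field, or move the assignment below the NULL check, which would also match the commit message's wording "after a successful allocation".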