From: Eric Biggers
Date: Tue, 29 Jul 2014 02:30:56 +0000 (-0500)
Subject: decompress_common.h: Add back check for buffer overrun
X-Git-Tag: v1.7.1~22
X-Git-Url: https://wimlib.net/git/?p=wimlib;a=commitdiff_plain;h=bf37aaad751707696439d5070eeaea8d7e9a9e14

decompress_common.h: Add back check for buffer overrun

This got lost by commit 8e9c6b63fcba9406cea6b742859e7730e0e2e8a9 two days ago. This check is still needed, unfortunately. The unrolled loop and is_constant() optimization still helps a bit, but not as much now.
---
diff --git a/include/wimlib/decompress_common.h b/include/wimlib/decompress_common.h
index 7428e320..2b5d4f65 100644
--- a/include/wimlib/decompress_common.h
+++ b/include/wimlib/decompress_common.h
@@ -54,7 +54,7 @@ init_input_bitstream(struct input_bitstream *istream,
 *
 * If the input data is exhausted, any further bits are assumed to be 0. */
 static inline void
-bitstream_ensure_bits(struct input_bitstream *istream, unsigned num_bits)
+bitstream_ensure_bits(struct input_bitstream *istream, const unsigned num_bits)
 {
 u16 nextword;
 unsigned shift;
@@ -65,6 +65,11 @@ bitstream_ensure_bits(struct input_bitstream *istream, unsigned num_bits)
 if (istream->bitsleft >= num_bits)
 return;
+ if (unlikely(istream->data_bytes_left < 2)) {
+ istream->bitsleft = num_bits;
+ return;
+ }
+
 nextword = le16_to_cpu(*(const le16*)istream->data);
 shift = sizeof(istream->bitbuf) * 8 - 16 - istream->bitsleft;
 istream->bitbuf |= (u32)nextword << shift;
@@ -77,6 +82,10 @@ bitstream_ensure_bits(struct input_bitstream *istream, unsigned num_bits)
 if (!(is_constant(num_bits) && num_bits <= 16) &&
 unlikely(istream->bitsleft < num_bits))
 {
+ if (unlikely(istream->data_bytes_left < 2)) {
+ istream->bitsleft = num_bits;
+ return;
+ }
 nextword = le16_to_cpu(*(const le16*)istream->data);
 shift = sizeof(istream->bitbuf) * 8 - 16 - istream->bitsleft;
 istream->bitbuf |= (u32)nextword << shift;
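Review bot: The new `data_bytes_left < 2` guard in the second hunk, placed before the first `le16` load, carries no comment saying that it is what keeps the read inside the input buffer, and the commit message says this same check was already dropped once during a refactor; the identical guard in the third hunk (before the second-word load) has the same gap. I would add above each one something like `/* Input exhausted: report zero bits instead of reading past the end of the buffer. */`, so the next optimization pass does not remove it again. Exhaustion is also silent here, since `bitsleft` is simply set to `num_bits`, so a truncated or corrupt stream is decoded as zero bits with no error from this function; presumably callers validate the result elsewhere, but that is not visible in this diff. The body of bitstream_ensure_bits starts and ends outside these hunks.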