Commit f0709e3c authored by Daniel Veillard's avatar Daniel Veillard

CVE-2015-8035 Fix XZ compression support loop

DoS when parsing specially crafted XML document if XZ support
is compiled in (which wasn't the case for 2.9.2 and master since
Nov 2013, fixed in next commit !)
parent e724879d
......@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
xz_error(state, LZMA_DATA_ERROR, "compressed data error");
return -1;
if (ret == LZMA_PROG_ERROR) {
xz_error(state, LZMA_PROG_ERROR, "compression error");
return -1;
} while (strm->avail_out && ret != LZMA_STREAM_END);
/* update available output and crc check value */
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment