compression: fix lzxpress decompress with trailing flags

Every so often, lzxpress adds a 32-bit block of indicator flags to
help decode the next clump of 32 code words. A naive compressor (such
as we have) might do this at the very end for flags that aren't
actually used because there are no more bytes to decompress. If that
happens we need to stop processing, or we'll come to worse outcome at
the next CHECK_INPUT_BYTES.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/compression/lzxpress.c b/lib/compression/lzxpress.c
index de062872560460e0a6ff3b0b4b80cb00d797397c..288fa0bcba8fc6211e75bd26be5dd7f274faf1aa 100644 (file)
--- a/lib/compression/lzxpress.c
+++ b/lib/compression/lzxpress.c
@@ -236,6 +236,13 @@ ssize_t lzxpress_decompress(const uint8_t *input,
                        CHECK_INPUT_BYTES(sizeof(uint32_t));
                        indicator = PULL_LE_U32(input, input_index);
                        input_index += sizeof(uint32_t);
+                       if (input_index == input_size) {
+                               /*
+                                * The compressor left room for indicator
+                                * flags for data that doesn't exist.
+                                */
+                               break;
+                       }
                        indicator_bit = 32;
                }
                indicator_bit--;