From 81071e6872eeb9e47b938d5d6fd82056aaebdd2e Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Fri, 28 Feb 2014 15:42:10 +0100
Subject: unlzma: add comments about possible bug from BZ 2689

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 archival/libarchive/decompress_unlzma.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'archival/libarchive/decompress_unlzma.c')

diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
index a89b846a0..3d99e1388 100644
--- a/archival/libarchive/decompress_unlzma.c
+++ b/archival/libarchive/decompress_unlzma.c
@@ -237,6 +237,9 @@ unpack_lzma_stream(transformer_aux_data_t *aux UNUSED_PARAM, int src_fd, int dst
 	pos_state_mask = (1 << pb) - 1;
 	literal_pos_mask = (1 << lp) - 1;
 
+	/* Example values from linux-3.3.4.tar.lzma:
+	 * dict_size: 64M, dst_size: 2^64-1
+	 */
 	header.dict_size = SWAP_LE32(header.dict_size);
 	header.dst_size = SWAP_LE64(header.dst_size);
 
@@ -443,6 +446,9 @@ unpack_lzma_stream(transformer_aux_data_t *aux UNUSED_PARAM, int src_fd, int dst
 				}
 				len--;
 			} while (len != 0 && buffer_pos < header.dst_size);
+			/* FIXME: ...........^^^^^
+			 * shouldn't it be "global_pos + buffer_pos < header.dst_size"?
+			 */
 		}
 	}
 
-- 
cgit v1.2.3