The code in lzma_literal() checks to see if we are at the start of the compressed input data in order to determine whether or not a most recent output byte exists. This check is incorrect, since initialisation of the decompressor will always consume the first five bytes of the compressed input data. Fix by instead checking whether or not we are at the start of the output data stream. This is, in any case, a more logical check. This issue was masked during development and testing since virtual machines tend to zero the initial contents of RAM; the spuriously-read "most recent output byte" is therefore likely to already be a zero when running in a virtual machine. Reported-by: Robin Smidsrød <robin@smidsrod.no> Signed-off-by: Michael Brown <mcb30@ipxe.org>

9 years ago · ea3be0f4a6
--- a/src/arch/i386/prefix/unlzma.S
+++ b/src/arch/i386/prefix/unlzma.S
@@ -194,7 +194,6 @@ high:		.rept	( 1 << 8 )
 
				
				 
			
 
				
				 	.struct	0
			
 
				
				 lzma_dec:
			
 
				
				-in_start:	.long	0
			
 
				
				 out_start:	.long	0
			
 
				
				 rc_code:	.long	0
			
 
				
				 rc_range:	.long	0
			
@@ -487,7 +486,7 @@ rc_direct:
 
				
				 lzma_literal:
			
 
				
				 	/* Get most recent output byte, if available */
			
 
				
				 	xorl	%ebx, %ebx
			
 
				
				-	cmpl	%esi, in_start(%ebp)
			
 
				
				+	cmpl	%edi, out_start(%ebp)
			
 
				
				 	je	1f
			
 
				
				 	movb	%es:-1(%edi), %bh
			
 
				
				 1:	/* Locate probability estimate set */
			
@@ -901,7 +900,6 @@ decompress:
 
				
				 	popw	%es
			
 
				
				 	popl	%edi
			
 
				
				 	/* Initialise remaining parameters */
			
 
				
				-	movl	%esi, in_start(%ebp)
			
 
				
				 	movl	%edi, out_start(%ebp)
			
 
				
				 	print_character $('\n')
			
 
				
				 	ADDR32 lodsb	/* discard initial byte */