From 071ee7c6f46f0565474132f01a22f780c42a8a44 Mon Sep 17 00:00:00 2001
From: Idan Horowitz <idan.horowitz@gmail.com>
Date: Wed, 17 Mar 2021 17:42:08 +0200
Subject: [PATCH] LibCompress: Check for impossible back references in
 DeflateDecompressor

This commit makes sure that we fail if an encoded lz77 back reference
references bytes that are outside our sliding window, instead of just
silently failing, which triggers an assertion down the line.
---
 Userland/Libraries/LibCompress/Deflate.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Userland/Libraries/LibCompress/Deflate.cpp b/Userland/Libraries/LibCompress/Deflate.cpp
index 951da353ed..c45839507b 100644
--- a/Userland/Libraries/LibCompress/Deflate.cpp
+++ b/Userland/Libraries/LibCompress/Deflate.cpp
@@ -178,6 +178,10 @@ bool DeflateDecompressor::CompressedBlock::try_read_more()
         for (size_t idx = 0; idx < length; ++idx) {
             u8 byte = 0;
             m_decompressor.m_output_stream.read({ &byte, sizeof(byte) }, distance);
+            if (m_decompressor.m_output_stream.handle_any_error()) {
+                m_decompressor.set_fatal_error();
+                return false; // a back reference was requested that was too far back (outside our current sliding window)
+            }
             m_decompressor.m_output_stream << byte;
         }