[gcc r14-9274] libbacktrace: skip all LZMA block header padding bytes

[gcc r14-9274] libbacktrace: skip all LZMA block header padding bytes

[Ian Lance Taylor]

https://gcc.gnu.org/g:c4f82ec6b4633a6024f895c925e5e69717084742

commit r14-9274-gc4f82ec6b4633a6024f895c925e5e69717084742
Author: Ian Lance Taylor <iant@golang.org>
Date:   Sat Mar 2 12:15:49 2024 -0800

    libbacktrace: skip all LZMA block header padding bytes
    
    Fixes https://github.com/ianlancetaylor/libbacktrace/issues/118
    
            * elf.c (elf_uncompress_lzma_block): Skip all header padding bytes
            and verify that they are zero.

Diff:
---
 libbacktrace/elf.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
index f4527e2477d..7841c86cd9c 100644
--- a/libbacktrace/elf.c
+++ b/libbacktrace/elf.c
@@ -5568,6 +5568,7 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
   uint64_t header_compressed_size;
   uint64_t header_uncompressed_size;
   unsigned char lzma2_properties;
+  size_t crc_offset;
   uint32_t computed_crc;
   uint32_t stream_crc;
   size_t uncompressed_offset;
@@ -5671,19 +5672,20 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
   /* The properties describe the dictionary size, but we don't care
      what that is.  */
 
-  /* Block header padding.  */
-  if (unlikely (off + 4 > compressed_size))
+  /* Skip to just before CRC, verifying zero bytes in between.  */
+  crc_offset = block_header_offset + block_header_size - 4;
+  if (unlikely (crc_offset + 4 > compressed_size))
     {
       elf_uncompress_failed ();
       return 0;
     }
-
-  off = (off + 3) &~ (size_t) 3;
-
-  if (unlikely (off + 4 > compressed_size))
+  for (; off < crc_offset; off++)
     {
-      elf_uncompress_failed ();
-      return 0;
+      if (compressed[off] != 0)
+	{
+	  elf_uncompress_failed ();
+	  return 0;
+	}
     }
 
   /* Block header CRC.  */