[3.11] gh-104282: Fix null pointer dereference in lzma._decode_filter_properties (GH-104283) (GH-114182)

(cherry picked from commit 0154405350) Co-authored-by: Radislav Chugunov <52372310+chgnrdv@users.noreply.github.com>
2025-08-04 08:59:19 +00:00 · 2024-01-17 14:30:29 +01:00 · 2024-01-17 14:30:29 +01:00 · 76d0c4b688
commit 76d0c4b688
parent bda62c0b22
3 changed files with 14 additions and 1 deletions
--- a/Lib/test/test_lzma.py
+++ b/Lib/test/test_lzma.py
@ -1409,6 +1409,14 @@ class MiscellaneousTestCase(unittest.TestCase):
        self.assertEqual(filterspec["lc"], 3)
        self.assertEqual(filterspec["dict_size"], 8 << 20)

+        # see gh-104282
+        filters = [lzma.FILTER_X86, lzma.FILTER_POWERPC,
+                   lzma.FILTER_IA64, lzma.FILTER_ARM,
+                   lzma.FILTER_ARMTHUMB, lzma.FILTER_SPARC]
+        for f in filters:
+            filterspec = lzma._decode_filter_properties(f, b"")
+            self.assertEqual(filterspec, {"id": f})
+
    def test_filter_properties_roundtrip(self):
        spec1 = lzma._decode_filter_properties(
                lzma.FILTER_LZMA1, b"]\x00\x00\x80\x00")
--- a/Misc/NEWS.d/next/Library/2023-05-08-09-30-00.gh-issue-104282.h4c6Eb.rst
+++ b/Misc/NEWS.d/next/Library/2023-05-08-09-30-00.gh-issue-104282.h4c6Eb.rst
@ -0,0 +1,3 @@
+Fix null pointer dereference in :func:`lzma._decode_filter_properties`
+due to improper handling of BCJ filters with properties of zero length.
+Patch by Radislav Chugunov.
--- a/Modules/_lzmamodule.c
+++ b/Modules/_lzmamodule.c
@ -494,7 +494,9 @@ build_filter_spec(const lzma_filter *f)
        case LZMA_FILTER_ARMTHUMB:
        case LZMA_FILTER_SPARC: {
            lzma_options_bcj *options = f->options;
-            ADD_FIELD(options, start_offset);
+            if (options) {
+                ADD_FIELD(options, start_offset);
+            }
            break;
        }
        default: