The dictionary was incorrectly copied by only one byte, leading to corruption during gzran read.
Fix the memcpy size argument to copy the entire dictionary buffer instead of a single byte. Reported-by: Chengyu Zhu <[email protected]> Signed-off-by: Gao Xiang <[email protected]> --- lib/gzran.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gzran.c b/lib/gzran.c index 47d660d..527a366 100644 --- a/lib/gzran.c +++ b/lib/gzran.c @@ -362,7 +362,7 @@ struct erofs_vfile *erofs_gzran_zinfo_open(struct erofs_vfile *vin, for (; i < ios->entries; ++i, ++c) { ios->cp[i].in_bitpos = (le64_to_cpu(c->in) << 3) | c->bits; ios->cp[i].outpos = le64_to_cpu(c->out); - memcpy(ios->cp[i].window, c->window, sizeof(*c->window)); + memcpy(ios->cp[i].window, c->window, sizeof(c->window)); } ios->vin = vin; vf->ops = &erofs_gzran_ios_vfops; -- 2.39.5
