Commit a73f4c67 for xz

commit a73f4c67154fe6111076ee673fd8991f5853d8d4
Author: Lasse Collin <lasse.collin@tukaani.org>
Date:   Wed Jun 3 00:20:28 2026 +0300

    liblzma: Index decoder: Reject an obviously-bad Number of Records early

    There no point to try decoding further when the Index is clearly not
    from a valid .xz file.

    This also limits what index_decoder_memconfig() can return as the
    memory usage. Very huge values aren't possible anymore. This affects
    file_info_decoder_memconfig() in file_info.c where very huge values
    aren't expected and could result in an integer overflow when not much
    memory has actually been allocated. Now the overflow can only happen if
    one manages to successfully allocate and fill a few exabytes of memory.

    Reported-by: GitHub user jmestwa-coder
    Fixes: https://github.com/tukaani-project/xz/pull/226

diff --git a/src/liblzma/common/index_decoder.c b/src/liblzma/common/index_decoder.c
index 4eab56d9..5a867109 100644
--- a/src/liblzma/common/index_decoder.c
+++ b/src/liblzma/common/index_decoder.c
@@ -91,6 +91,13 @@ index_decode(void *coder_ptr, const lzma_allocator *allocator,
 		if (ret != LZMA_STREAM_END)
 			goto out;

+		// If the Number of Records field has so large value that the
+		// Index would have to be larger than LZMA_BACKWARD_SIZE_MAX,
+		// don't even try to decode the Index because clearly it's
+		// not a valid .xz file.
+		if (coder->count > INDEX_RECORDS_MAX)
+			return LZMA_DATA_ERROR;
+
 		coder->pos = 0;
 		coder->sequence = SEQ_MEMUSAGE;
 		FALLTHROUGH;