# HG changeset patch
# User reimar
# Date 1169907303 0
# Node ID 4ade01ded107926080458529d086ef7a259288ea
# Parent 4cceb7c877af52a6cc6cf214b2623d57547db2ab
Fix buffer end checks in lzo copy code to work in all cases.
diff -r 4cceb7c877af -r 4ade01ded107 lzo.c
--- a/lzo.c Sat Jan 27 14:10:57 2007 +0000
+++ b/lzo.c Sat Jan 27 14:15:03 2007 +0000
@@ -67,11 +67,11 @@
 static inline void copy(LZOContext *c, int cnt) {
 register uint8_t *src = c->in;
 register uint8_t *dst = c->out;
- if (src + cnt > c->in_end) {
+ if (src + cnt > c->in_end || src + cnt < src) {
 cnt = c->in_end - src;
 c->error |= LZO_INPUT_DEPLETED;
 }
- if (dst + cnt > c->out_end) {
+ if (dst + cnt > c->out_end || dst + cnt < dst) {
 cnt = c->out_end - dst;
 c->error |= LZO_OUTPUT_FULL;
 }
@@ -101,11 +101,11 @@
 static inline void copy_backptr(LZOContext *c, int back, int cnt) {
 register uint8_t *src = &c->out[-back];
 register uint8_t *dst = c->out;
- if (src < c->out_start) {
+ if (src < c->out_start || src > dst) {
 c->error |= LZO_INVALID_BACKPTR;
 return;
 }
- if (dst + cnt > c->out_end) {
+ if (dst + cnt > c->out_end || dst + cnt < dst) {
 cnt = c->out_end - dst;
 c->error |= LZO_OUTPUT_FULL;
 }
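Review bot: The added wrap tests `src + cnt < src` and `dst + cnt < dst` in copy() only work if pointer arithmetic overflows, which is undefined behaviour in C. An optimising compiler may therefore drop them, and an oversized or negative `cnt` (presumably decoded from the compressed input) could still pass the bounds check. Comparing the count with the remaining space never forms an out-of-range pointer: `if (cnt < 0 || cnt > c->in_end - src) {` and `if (cnt < 0 || cnt > c->out_end - dst) {`. The same applies to the `dst + cnt < dst` test in the copy_backptr hunk. copy()'s body continues outside the hunk.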
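Review bot: In copy_backptr the new `src > dst` test runs only after `src = &c->out[-back]` has been formed. For a `back` that points outside the output buffer, that pointer computation is already out of bounds, so the comparison is not guaranteed to catch it. Validating the offset as an integer first is sturdier: `if (back < 0 || back > c->out - c->out_start) {`, with `src` derived only after that check passes. Whether `back == 0` should also be rejected depends on the copy routine further down, which is outside the hunk.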