Validate the value before, not after, assigning it to an enum variable.

This might matter, for example, if the underlying type of
enum xz_check was a signed char. In such a case the validation
wouldn't catch an unsupported header.

With most compilers it already worked correctly but it's better
to change it for portability and conformance. This may increase
the code size by a few bytes though. An alternative would be to use
an unsigned int instead of enum xz_check but using an enumeration
looks cleaner.

1 files changed, 3 insertions, 3 deletions

diff --git a/linux/lib/xz/xz_dec_stream.c b/linux/lib/xz/xz_dec_stream.c
index e4aab73..2c41f5f 100644
--- a/linux/lib/xz/xz_dec_stream.c
+++ b/linux/lib/xz/xz_dec_stream.c
@@ -424,12 +424,12 @@ static enum xz_ret dec_stream_header(struct xz_dec *s)
 	 * check types too, but then the check won't be verified and
 	 * a warning (XZ_UNSUPPORTED_CHECK) will be given.
 	 */
+	if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX)
+		return XZ_OPTIONS_ERROR;
+
 	s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
 
 #ifdef XZ_DEC_ANY_CHECK
-	if (s->check_type > XZ_CHECK_MAX)
-		return XZ_OPTIONS_ERROR;
-
 	if (s->check_type > XZ_CHECK_CRC32 && !IS_CRC64(s->check_type))
 		return XZ_UNSUPPORTED_CHECK;
 #else