From 4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 Mon Sep 17 00:00:00 2001
From: Con Kolivas <kernel@kolivas.org>
Date: Sat, 26 Feb 2022 10:11:49 +1100
Subject: [PATCH] Fix possible race condition between zpaq_decompress_buf() and
 clear_rulist() function as reported by wcventure.

---
 lrzip.c  | 8 +++++++-
 runzip.c | 6 +-----
 runzip.h | 1 +
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/lrzip.c b/lrzip.c
index a77eba6..2bd4e1f 100644
--- a/lrzip.c
+++ b/lrzip.c
@@ -842,8 +842,14 @@ bool decompress_file(rzip_control *control)
 
 	print_progress("Decompressing...\n");
 
-	if (unlikely(runzip_fd(control, fd_in, fd_out, fd_hist, expected_size) < 0))
+	if (unlikely(runzip_fd(control, fd_in, fd_out, fd_hist, expected_size) < 0)) {
+		clear_rulist(control);
 		return false;
+	}
+
+	/* We can now safely delete sinfo and pthread data of all threads
+	 * created. */
+	clear_rulist(control);
 
 	if (STDOUT && !TMP_OUTBUF) {
 		if (unlikely(!dump_tmpoutfile(control, fd_out)))
diff --git a/runzip.c b/runzip.c
index 8ae48a5..c117698 100644
--- a/runzip.c
+++ b/runzip.c
@@ -249,7 +249,7 @@ static i64 unzip_match(rzip_control *control, void *ss, i64 len, uint32 *cksum,
 	return total;
 }
 
-static void clear_rulist(rzip_control *control)
+void clear_rulist(rzip_control *control)
 {
 	while (control->ruhead) {
 		struct runzip_node *node = control->ruhead;
@@ -381,10 +381,6 @@ static i64 runzip_chunk(rzip_control *control, int fd_in, i64 expected_size, i64
 	if (unlikely(close_stream_in(control, ss)))
 		fatal("Failed to close stream!\n");
 
-	/* We can now safely delete sinfo and pthread data of all threads
-	 * created. */
-	clear_rulist(control);
-
 	return total;
 }
 
diff --git a/runzip.h b/runzip.h
index 1ed68e6..310d018 100644
--- a/runzip.h
+++ b/runzip.h
@@ -22,6 +22,7 @@
 
 #include "lrzip_private.h"
 
+void clear_rulist(rzip_control *control);
 i64 runzip_fd(rzip_control *control, int fd_in, int fd_out, int fd_hist, i64 expected_size);
 
 #endif