[zbin] Fix check for existence of most recent output byte

The code in lzma_literal() checks to see if we are at the start of the
compressed input data in order to determine whether or not a most
recent output byte exists.  This check is incorrect, since
initialisation of the decompressor will always consume the first five
bytes of the compressed input data.

Fix by instead checking whether or not we are at the start of the
output data stream.  This is, in any case, a more logical check.

This issue was masked during development and testing since virtual
machines tend to zero the initial contents of RAM; the spuriously-read
"most recent output byte" is therefore likely to already be a zero
when running in a virtual machine.

Reported-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

1 files changed, 1 insertions, 3 deletions

diff --git a/src/arch/i386/prefix/unlzma.S b/src/arch/i386/prefix/unlzma.S
index f4cbcdac5..76df6cdd1 100644
--- a/src/arch/i386/prefix/unlzma.S
+++ b/src/arch/i386/prefix/unlzma.S
@@ -194,7 +194,6 @@ high:		.rept	( 1 << 8 )
 
 	.struct	0
 lzma_dec:
-in_start:	.long	0
 out_start:	.long	0
 rc_code:	.long	0
 rc_range:	.long	0
@@ -487,7 +486,7 @@ rc_direct:
 lzma_literal:
 	/* Get most recent output byte, if available */
 	xorl	%ebx, %ebx
-	cmpl	%esi, in_start(%ebp)
+	cmpl	%edi, out_start(%ebp)
 	je	1f
 	movb	%es:-1(%edi), %bh
 1:	/* Locate probability estimate set */
@@ -901,7 +900,6 @@ decompress:
 	popw	%es
 	popl	%edi
 	/* Initialise remaining parameters */
-	movl	%esi, in_start(%ebp)
 	movl	%edi, out_start(%ebp)
 	print_character $('\n')
 	ADDR32 lodsb	/* discard initial byte */