From 86568263c6f308c455f9553703bb3493ab694476 Mon Sep 17 00:00:00 2001
From: Chris Hennick
Date: Mon, 15 Jul 2024 15:07:21 -0700
Subject: [PATCH] fix: Panic when reading a file truncated in the middle of an XZ block header
---
 src/read/xz.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/read/xz.rs b/src/read/xz.rs
index 50ee38d7b..478ae1024 100644
--- a/src/read/xz.rs
+++ b/src/read/xz.rs
@@ -224,7 +224,10 @@ impl Read for XzDecoder {
 }
 digest.update(&b);
 }
- let mut b = vec![0u8; header_end - *reader.count];
+ let Some(padding_bytes) = header_end.checked_sub(*reader.count) else {
+ return error("Invalid XZ block header (too short)");
+ };
+ let mut b = vec![0u8; padding_bytes];
 reader.read_exact(b.as_mut_slice())?;
 if !b.iter().all(|&b| b == 0) {
 return error("Invalid XZ block header padding");
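Review bot: The new `checked_sub` guard carries no comment saying when `*reader.count` can exceed `header_end`, and the patch touches only `src/read/xz.rs`, so nothing pins the fix against regression. I would add `// Bytes consumed so far can exceed the declared header end in truncated or malformed input; reject instead of underflowing.` above the `let Some(padding_bytes)` line, plus a test that feeds the decoder the truncated input from the report and asserts an `Err` rather than a panic. Without the guard the subtraction panics where overflow checks are enabled and otherwise wraps into a huge `vec!` length, which matters for any caller that decodes untrusted archives. The enclosing `read` body starts and ends outside the hunk, so how `header_end` itself is bounded is not visible here and is worth confirming.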