[PATCH] erofs-utils: lib: gzran: fix corruption due to incorrect dictionary recovery

Fri Oct 24 13:51:15 AEDT 2025

The dictionary was incorrectly copied by only one byte, leading to
corruption during gzran read.

Fix the memcpy size argument to copy the entire dictionary buffer
instead of a single byte.

Reported-by: Chengyu Zhu <hudsonzhu at tencent.com>
Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
---
 lib/gzran.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/gzran.c b/lib/gzran.c
index 47d660d..527a366 100644
--- a/lib/gzran.c
+++ b/lib/gzran.c
@@ -362,7 +362,7 @@ struct erofs_vfile *erofs_gzran_zinfo_open(struct erofs_vfile *vin,
 	for (; i < ios->entries; ++i, ++c) {
 		ios->cp[i].in_bitpos = (le64_to_cpu(c->in) << 3) | c->bits;
 		ios->cp[i].outpos = le64_to_cpu(c->out);
-		memcpy(ios->cp[i].window, c->window, sizeof(*c->window));
+		memcpy(ios->cp[i].window, c->window, sizeof(c->window));
 	}
 	ios->vin = vin;
 	vf->ops = &erofs_gzran_ios_vfops;
-- 
2.39.5

