File ipxe-zbin-Fix-check-for-existence-of-mos.patch of Package qemu

From fdba8cc45d8d3d201f4e8c8dce7cce68e2f20aee Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Thu, 26 Feb 2015 13:01:55 +0000
Subject: [PATCH] [zbin] Fix check for existence of most recent output byte
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The code in lzma_literal() checks to see if we are at the start of the
compressed input data in order to determine whether or not a most
recent output byte exists.  This check is incorrect, since
initialisation of the decompressor will always consume the first five
bytes of the compressed input data.

Fix by instead checking whether or not we are at the start of the
output data stream.  This is, in any case, a more logical check.

This issue was masked during development and testing since virtual
machines tend to zero the initial contents of RAM; the spuriously-read
"most recent output byte" is therefore likely to already be a zero
when running in a virtual machine.

Reported-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
(cherry picked from commit ea3be0f4a65f2d7e8b16b9cdef89fe93f28d7008)
Signed-off-by: Bruce Rogers <brogers@suse.com>
---
 src/arch/i386/prefix/unlzma.S | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/arch/i386/prefix/unlzma.S b/src/arch/i386/prefix/unlzma.S
index b0588fd..35f6b32 100644
--- a/src/arch/i386/prefix/unlzma.S
+++ b/src/arch/i386/prefix/unlzma.S
@@ -161,7 +161,6 @@ high:		.rept	( 1 << 8 )
 
 	.struct	0
 lzma_dec:
-in_start:	.long	0
 out_start:	.long	0
 rc_code:	.long	0
 rc_range:	.long	0
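Review bot: In the `lzma_dec` layout, dropping `in_start` moves `out_start` to offset 0 and shifts every later field down by four bytes. That is safe only if every access goes through the field symbols, as `out_start(%ebp)` does in the later hunks. Please confirm that nothing else in unlzma.S still names `in_start` and that nothing assumes the old field offsets or structure size.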
@@ -456,7 +455,7 @@ rc_direct:
 lzma_literal:
 	/* Get most recent output byte, if available */
 	xorl	%ebx, %ebx
-	cmpl	%esi, in_start(%ebp)
+	cmpl	%edi, out_start(%ebp)
 	je	1f
 	movb	%es:-1(%edi), %bh
 1:	/* Locate probability estimate set */
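Review bot: The comment above `xorl %ebx, %ebx` in `lzma_literal` still says only "if available", without saying what makes the byte available. Since `je 1f` now skips `movb %es:-1(%edi), %bh` exactly when `%edi` equals `out_start`, I would spell that out, for example "no previous byte exists while %edi is still at out_start". That also documents that the test is equality only, so it relies on `%edi` never dropping below `out_start`.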
@@ -870,7 +869,6 @@ decompress:
 	popw	%es
 	popl	%edi
 	/* Initialise remaining parameters */
-	movl	%esi, in_start(%ebp)
 	movl	%edi, out_start(%ebp)
 	print_character '\n'
 	ADDR32 lodsb	/* discard initial byte */
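Review bot: In `decompress`, `movl %edi, out_start(%ebp)` is now the only anchor for the first-literal test, so it must hold the value `%edi` has when the first literal is decoded. `ADDR32 lodsb` advances only `%esi`, but `print_character '\n'` sits between the store and the decoder, so it is worth confirming that the macro preserves `%edi`. A short comment on the store saying that `lzma_literal` compares against it would keep later changes from moving it after any output is written.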
-- 
1.9.0