From 80be51e93b695d90ade7f6a013e79ee790022018 Mon Sep 17 00:00:00 2001
From: mtheall
Date: Mon, 1 Jun 2020 03:03:12 -0500
Subject: [PATCH] Fix decompress out-of-bounds access (#463)
---
 libctru/source/util/decompress/decompress.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libctru/source/util/decompress/decompress.c b/libctru/source/util/decompress/decompress.c
index f45ed26..b8afaf1 100644
--- a/libctru/source/util/decompress/decompress.c
+++ b/libctru/source/util/decompress/decompress.c
@@ -229,9 +229,9 @@ iov_increment(iov_iter *it)
 static inline void
 iov_add(iov_iter *it, size_t size)
 {
- while(true)
+ while(size > 0)
 {
- assert(it->num <= it->cnt);
+ assert(it->num < it->cnt);
 assert(it->iov[it->num].size > it->pos);

 if(it->iov[it->num].size - it->pos > size)
@@ -244,6 +244,7 @@ iov_add(iov_iter *it, size_t size)
 // advance to next buffer
 size -= it->iov[it->num].size - it->pos;
 ++it->num;
+ assert(size == 0 || it->num < it->cnt);
 it->pos = 0;
 }
 }
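Review bot: The bounds checks in `iov_add` are still only `assert`s, so a build with `NDEBUG` defined drops them and a `size` larger than what remains in the iovec array would again index `it->iov[it->num]` past `it->cnt`; this applies to `assert(it->num < it->cnt)` at the top of the loop and to the `assert(size == 0 || it->num < it->cnt)` added in the second hunk. If `size` can be influenced by the compressed input (not visible from these hunks), the check should survive release builds, for example by having `iov_add` report failure to its callers instead of asserting; that change needs the callers, which are outside this patch. At minimum I would add a comment above the function: `// precondition: size <= bytes remaining in *it; checked only by assert`. The part of the `iov_add` body between the two hunks is not shown.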