
std.compress.xz: Integer overflows found via fuzzing #14500

@squeek502

Description

Zig Version

0.11.0-dev.1502+d6b430b52

Steps to Reproduce and Observed Behavior

Meant to do some fuzz testing while this was still a PR (#14434) but didn't get around to it. So far I've only fuzz tested to find crashes, not verify correctness, and I've only found 3 unique integer overflow locations.

The minimized test cases as files can be found here (note: there are some test cases that trigger the same/similar crashes):

xz-fuzzed-crashes-20230202.zip

(if it makes it easier, it's possible to use zigescape to get Zig string literals from each file's contents)

The integer overflows can be reproduced by running the above inputs through the decompress function here:

```zig
const std = @import("std");
const xz = std.compress.xz;
const testing = std.testing;

// Fuzz harness: feed one input buffer through the xz decompressor and
// return the decompressed bytes (caller owns the returned slice).
fn decompress(data: []const u8) ![]u8 {
    // Wrap the in-memory input so it can be read through the reader interface.
    var in_stream = std.io.fixedBufferStream(data);
    var xz_stream = try xz.decompress(testing.allocator, in_stream.reader());
    defer xz_stream.deinit();
    // Drain the decoder; the limit only caps the output buffer size.
    return xz_stream.reader().readAllAlloc(testing.allocator, std.math.maxInt(usize));
}
```

Fuzzer code can be found here:

https://github.com/squeek502/zig-std-lib-fuzzing/blob/master/fuzzers/xz.zig
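One way to turn the minimized crash files into a regression test, as an added example that is not part of the original report or of the fuzzer repository: each input is run through the same harness and must come back as either decompressed data or a clean `error.*` value, never as a safety panic. A `catch` cannot intercept an integer-overflow panic, so a still-affected decoder aborts the whole `zig test` run, which is exactly the signal wanted. The `crashes/...` paths are assumed placeholders for files extracted from the zip above, and the inline header-plus-garbage input is constructed here so the test also runs without those files.

```zig
const std = @import("std");
const xz = std.compress.xz;
const testing = std.testing;

// Same harness as the one in the report: input buffer in, decompressed bytes out.
fn decompress(data: []const u8) ![]u8 {
    var in_stream = std.io.fixedBufferStream(data);
    var xz_stream = try xz.decompress(testing.allocator, in_stream.reader());
    defer xz_stream.deinit();
    return xz_stream.reader().readAllAlloc(testing.allocator, std.math.maxInt(usize));
}

/// Accept a decompression error (malformed input is allowed to fail) but
/// require that the decoder returned instead of panicking. A panic caused by
/// integer overflow or an out-of-bounds index is not catchable here and
/// aborts the test binary, which is what makes the bug visible.
fn expectCleanResult(data: []const u8) !void {
    const out = decompress(data) catch |err| {
        std.debug.print("decompress returned error.{s} (acceptable)\n", .{@errorName(err)});
        return;
    };
    testing.allocator.free(out);
}

test "constructed malformed xz input does not trigger a safety panic" {
    // Constructed input (not from the zip): a valid 6-byte stream magic
    // followed by bytes that do not form a valid stream header.
    const input = "\xFD7zXZ\x00" ++ "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF";
    try expectCleanResult(input);
}

test "fuzzer-minimized crash files do not trigger a safety panic" {
    // Assumed paths: files from xz-fuzzed-crashes-20230202.zip extracted into
    // a `crashes/` directory next to this test file. Adjust to the real names.
    const crash_files = [_][]const u8{
        "crashes/crash-1",
        "crashes/crash-2",
        "crashes/crash-3",
    };
    for (crash_files) |path| {
        // Minimized cases are tiny; 1 MiB is a generous cap for readFileAlloc.
        const data = try std.fs.cwd().readFileAlloc(testing.allocator, path, 1 << 20);
        defer testing.allocator.free(data);
        try expectCleanResult(data);
    }
}
```

Run it with `zig test` against the tree under test. Because the check is "returns instead of aborts", it keeps working after the decoder is fixed without having to hard-code which error each malformed input is expected to produce.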

cc @FnControlOption

Expected Behavior

The xz decompressor should avoid integer overflow on all inputs.

Labels: bug (observed behavior contradicts documented or intended behavior), standard library (this issue involves writing Zig code for the standard library)