Can you confirm that the LZMA decoder has strict enough bounds checking for all pointer manipulations/dictionary buffer writes/range coder operations to prevent potential overflows or underflows caused by maliciously crafted LZMA streams? Does the decoder validate all LZMA stream properties like lc and lp and guarantee that bufLimit and dictionary size constraints are enforced at every decoding step? Otherwise I just see it as a valid exploit, but poorly written.
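The property validation the question asks about (lc/lp/pb range, dictionary size bounds, and the "never copy from bytes not yet produced" check on match distances) is small enough to show in full. The following is an added example written for this thread, not code from 7-Zip or LzmaDec.c: it decodes the standard 5-byte LZMA properties header (props byte followed by a 32-bit little-endian dictionary size), rejects any props byte that does not encode a legal (lc, lp, pb) triple, rounds tiny dictionaries up to the 4 KiB minimum the reference decoder uses, and refuses dictionaries above a caller-supplied cap. The `max_dict` cap, the `demo_*` helpers and the header bytes they use are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded LZMA stream properties. */
typedef struct {
    unsigned lc;        /* literal context bits, legal range 0..8 */
    unsigned lp;        /* literal position bits, legal range 0..4 */
    unsigned pb;        /* position bits, legal range 0..4 */
    uint32_t dict_size; /* dictionary size in bytes, after minimum rounding */
} LzmaProps;

enum {
    LZMA_PROPS_OK = 0,
    LZMA_PROPS_ERR_SHORT = -1,      /* fewer than 5 header bytes available */
    LZMA_PROPS_ERR_PROPS = -2,      /* props byte >= 9*5*5 encodes no legal (lc,lp,pb) */
    LZMA_PROPS_ERR_DICT_LIMIT = -3  /* dictionary larger than the caller's cap */
};

#define LZMA_PROPS_SIZE 5
#define LZMA_DICT_MIN (1u << 12)  /* the reference decoder rounds smaller values up to 4 KiB */

/* Parse the LZMA properties header. props = (pb * 5 + lp) * 9 + lc, so any value
   >= 225 cannot be decoded into in-range fields and must be rejected before the
   decoder sizes its probability tables. max_dict is a hypothetical policy knob:
   an attacker-controlled 32-bit dictionary size otherwise drives allocation. */
int lzma_props_decode(const unsigned char *buf, size_t len, uint32_t max_dict, LzmaProps *out)
{
    if (len < LZMA_PROPS_SIZE) return LZMA_PROPS_ERR_SHORT;
    unsigned d = buf[0];
    if (d >= 9 * 5 * 5) return LZMA_PROPS_ERR_PROPS;
    out->lc = d % 9; d /= 9;
    out->lp = d % 5;
    out->pb = d / 5;
    uint32_t dict = (uint32_t)buf[1] | ((uint32_t)buf[2] << 8)
                  | ((uint32_t)buf[3] << 16) | ((uint32_t)buf[4] << 24);
    if (dict < LZMA_DICT_MIN) dict = LZMA_DICT_MIN;
    if (dict > max_dict) return LZMA_PROPS_ERR_DICT_LIMIT;
    out->dict_size = dict;
    return LZMA_PROPS_OK;
}

/* A match may only copy from bytes the decoder has already produced: until the
   dictionary buffer has wrapped once that is processed_pos bytes, afterwards it
   is dict_size bytes. A 0-based distance equal to or beyond that count would read
   uninitialised or out-of-buffer memory, so it is rejected. Returns 1 if in bounds. */
int lzma_match_in_bounds(uint32_t distance, uint32_t processed_pos, uint32_t dict_size, int dict_full)
{
    uint32_t avail = dict_full ? dict_size : processed_pos;
    return distance < avail;
}

/* Constructed header: props 0x5D (lc=3, lp=0, pb=2), dictionary 1 MiB little-endian. */
static const unsigned char DEMO_VALID_HDR[LZMA_PROPS_SIZE] = {0x5D, 0x00, 0x00, 0x10, 0x00};
/* Constructed header with props byte 225, the first value that decodes to no legal triple. */
static const unsigned char DEMO_BAD_PROPS_HDR[LZMA_PROPS_SIZE] = {0xE1, 0x00, 0x00, 0x10, 0x00};
/* Constructed header claiming a 4 GiB - 1 dictionary. */
static const unsigned char DEMO_HUGE_DICT_HDR[LZMA_PROPS_SIZE] = {0x5D, 0xFF, 0xFF, 0xFF, 0xFF};

#define DEMO_MAX_DICT (1u << 26)  /* 64 MiB allocation cap for the demo */

/* Returns 1 when the valid header decodes to the expected fields, 0 otherwise. */
int demo_check_valid(void)
{
    LzmaProps p;
    if (lzma_props_decode(DEMO_VALID_HDR, LZMA_PROPS_SIZE, DEMO_MAX_DICT, &p) != LZMA_PROPS_OK) return 0;
    return p.lc == 3 && p.lp == 0 && p.pb == 2 && p.dict_size == 0x00100000u;
}

/* Returns the decoder's verdict on the bad-props header (expected LZMA_PROPS_ERR_PROPS). */
int demo_check_bad_props(void)
{
    LzmaProps p;
    return lzma_props_decode(DEMO_BAD_PROPS_HDR, LZMA_PROPS_SIZE, DEMO_MAX_DICT, &p);
}

/* Returns the decoder's verdict on the oversized dictionary (expected LZMA_PROPS_ERR_DICT_LIMIT). */
int demo_check_huge_dict(void)
{
    LzmaProps p;
    return lzma_props_decode(DEMO_HUGE_DICT_HDR, LZMA_PROPS_SIZE, DEMO_MAX_DICT, &p);
}

int main(void)
{
    printf("valid header ok: %d\n", demo_check_valid());
    printf("bad props verdict: %d\n", demo_check_bad_props());
    printf("huge dict verdict: %d\n", demo_check_huge_dict());
    printf("short header verdict: %d\n",
           lzma_props_decode(DEMO_VALID_HDR, 4, DEMO_MAX_DICT, &(LzmaProps){0}));
    printf("distance 5 with 5 bytes produced in bounds: %d\n", lzma_match_in_bounds(5, 5, 4096, 0));
    return 0;
}
```

The two checks are independent: the header check runs once before any tables are sized, while the match-distance check has to run on every match, because a stream with legal properties can still reference bytes that were never written.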
No, I'm not even claiming the 'exploit' is real or fake or a troll or whatever. I'm asking you to verify the impossibility of an exploit using the same methodology.
The claim that the exploit comment is false is technically correct but misleading. While RC_Norm is a macro, not a function, used in the LZMA encoder and PPMD decoder, it is not present in LzmaDec.c. However, this does not invalidate the possibility of vulnerabilities in the decoder, because issues like pointer arithmetic and buffer handling could still be exploited. The comment does inaccurately reference RC_NORM, but the broader claim about malformed LZMA streams causing vulnerabilities...
https://pastebin.com/gtnwfrim