fix: OOB in rar audio filter (#2149) This patch ensures that `src` won't move ahead of `dst`, so `src` will not OOB. Similar situation like in a1cb648.
fix: OOB in rar delta filter (#2148) Ensure that `src` won't move ahead of `dst`, so `src` will not OOB. Since `dst` won't move in this function, and we are only increasing `src` position, this check should be enough. It should be safe to early return because this function does not allocate resources.
rar4 reader: protect copy_from_lzss_window_to_unp() (#2172) copy_from_lzss_window_to_unp unnecessarily took an `int` parameter where both of its callers were holding a `size_t`.
A lzss opcode chain could be constructed that resulted in a negative copy length, which when passed into memcpy would result in a very, very large positive number.
Switching copy_from_lzss_window_to_unp to take a `size_t` allows it to properly bounds-check length.
In addition, this patch also ensures that `length` is not itself larger than the destination buffer.
