diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.cpp --- CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.cpp 2019-03-06 22:04:37.659374132 +0800 +++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.cpp 2019-03-06 22:10:18.882278471 +0800 @@ -29,7 +29,7 @@ }; */ -CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } +CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { } void CDecoder::InitStructures() { @@ -345,7 +345,7 @@ void CDecoder::InitData() { - if (!m_IsSolid) + if (!_isSolid) { AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0; AvrPlc = 0x3500; @@ -391,6 +391,11 @@ if (inSize == NULL || outSize == NULL) return E_INVALIDARG; + if (_isSolid && !_solidAllowed) + return S_FALSE; + + _solidAllowed = false; + if (!m_OutWindowStream.Create(kHistorySize)) return E_OUTOFMEMORY; if (!m_InBitStream.Create(1 << 20)) @@ -398,13 +403,13 @@ m_UnpackSize = (Int64)*outSize; m_OutWindowStream.SetStream(outStream); - m_OutWindowStream.Init(m_IsSolid); + m_OutWindowStream.Init(_isSolid); m_InBitStream.SetStream(inStream); m_InBitStream.Init(); // CCoderReleaser coderReleaser(this); InitData(); - if (!m_IsSolid) + if (!_isSolid) { _errorMode = false; InitStructures(); @@ -475,6 +480,7 @@ } if (m_UnpackSize < 0) return S_FALSE; + _solidAllowed = true; return m_OutWindowStream.Flush(); } @@ -491,7 +497,7 @@ { if (size < 1) return E_INVALIDARG; - m_IsSolid = ((data[0] & 1) != 0); + _isSolid = ((data[0] & 1) != 0); return S_OK; } diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.h --- CVE-2018-5996_mod/CPP/7zip/Compress/Rar1Decoder.h 2019-03-06 22:04:37.659374132 +0800 +++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar1Decoder.h 2019-03-06 22:10:18.882278471 +0800 
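Review bot: The guard added in the Rar1Decoder.cpp hunk at -391,6 (`if (_isSolid && !_solidAllowed) return S_FALSE;` followed by `_solidAllowed = false;`) has no comment, so a reader must piece the invariant together from the other hunks. I would add above it `// Solid mode skips InitStructures() and keeps the previous window; allow it only if the previous item ran to completion.` The same uncommented guard is added in Rar2Decoder.cpp (-320,6), Rar3Decoder.cpp (-890,6) and Rar5Decoder.cpp (-821,6), and the new `_solidAllowed` member is undocumented in all four headers. The enclosing function starts and ends outside this hunk.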
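Review bot: In the Rar1Decoder.cpp hunk at -475,6, `_solidAllowed = true;` is assigned before `return m_OutWindowStream.Flush();`, so a failed flush still leaves the decoder marked as usable for the next solid item. If only a fully successful item should re-enable solid decoding, take the result first: `HRESULT res = m_OutWindowStream.Flush();`, `_solidAllowed = (res == S_OK);`, `return res;` (this assumes the function returns HRESULT, as its `S_FALSE` and `E_INVALIDARG` returns suggest). If the flag is meant to track decoder state only, not output success, a one-line comment saying so would settle it. The same ordering appears in Rar2Decoder.cpp (-386,6, before `Flush()`) and Rar3Decoder.cpp (-870,6, before `RINOK(WriteBuf())`).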
@@ -38,7 +38,8 @@ UInt32 LastLength; Int64 m_UnpackSize; - bool m_IsSolid; + bool _isSolid; + bool _solidAllowed; bool _errorMode; UInt32 ReadBits(int numBits); diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.cpp --- CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.cpp 2019-03-06 22:04:37.659374132 +0800 +++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.cpp 2019-03-06 22:10:18.882278471 +0800 @@ -80,7 +80,8 @@ static const UInt32 kWindowReservSize = (1 << 22) + 256; CDecoder::CDecoder(): - m_IsSolid(false), + _isSolid(false), + _solidAllowed(false), m_TablesOK(false) { } @@ -320,6 +321,10 @@ if (inSize == NULL || outSize == NULL) return E_INVALIDARG; + if (_isSolid && !_solidAllowed) + return S_FALSE; + _solidAllowed = false; + if (!m_OutWindowStream.Create(kHistorySize)) return E_OUTOFMEMORY; if (!m_InBitStream.Create(1 << 20)) @@ -330,12 +335,12 @@ UInt64 pos = 0, unPackSize = *outSize; m_OutWindowStream.SetStream(outStream); - m_OutWindowStream.Init(m_IsSolid); + m_OutWindowStream.Init(_isSolid); m_InBitStream.SetStream(inStream); m_InBitStream.Init(); // CCoderReleaser coderReleaser(this); - if (!m_IsSolid) + if (!_isSolid) { InitStructures(); if (unPackSize == 0) @@ -343,6 +348,7 @@ if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect; if (!ReadTables()) return S_FALSE; + _solidAllowed = true; return S_OK; } if (!ReadTables()) @@ -386,6 +392,9 @@ if (!ReadLastTables()) return S_FALSE; + + _solidAllowed = true; + return m_OutWindowStream.Flush(); } 
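Review bot: In the Rar2Decoder.cpp hunk at -343,6, the `unPackSize == 0` early return sets `_solidAllowed = true;` even when the `GetProcessedSize() + 2 <= m_PackSize` test fails and `ReadTables()` is skipped. The decoder is then marked ready for a solid continuation although no tables were read for this item. The context line already carries `// test it: probably incorrect`, which makes this path worth a second look. Whether the solid path re-validates table state (for example through `m_TablesOK`) is outside the hunk. If it does, a comment such as `// zero-size item: tables may be absent; the solid path must check m_TablesOK` would record that; if it does not, the flag should be set only when `ReadTables()` actually ran.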
@@ -402,7 +411,7 @@ { if (size < 1) return E_INVALIDARG; - m_IsSolid = ((data[0] & 1) != 0); + _isSolid = ((data[0] & 1) != 0); return S_OK; } diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.h --- CVE-2018-5996_mod/CPP/7zip/Compress/Rar2Decoder.h 2019-03-06 22:04:37.659374132 +0800 +++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar2Decoder.h 2019-03-06 22:10:18.882278471 +0800 @@ -138,7 +138,8 @@ Byte m_LastLevels[kMaxTableSize]; UInt64 m_PackSize; - bool m_IsSolid; + bool _isSolid; + bool _solidAllowed; bool m_TablesOK; void InitStructures(); diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.cpp --- CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.cpp 2019-03-06 22:04:37.659374132 +0800 +++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.cpp 2019-03-06 22:10:18.882278471 +0800 @@ -92,7 +92,8 @@ _writtenFileSize(0), _vmData(0), _vmCode(0), - m_IsSolid(false), + _isSolid(false), + _solidAllowed(false), _errorMode(false) { Ppmd7_Construct(&_ppmd); @@ -821,7 +822,7 @@ { _writtenFileSize = 0; _unsupportedFilter = false; - if (!m_IsSolid) + if (!_isSolid) { _lzSize = 0; _winPos = 0; @@ -840,12 +841,15 @@ if (_errorMode) return S_FALSE; - if (!m_IsSolid || !TablesRead) + if (!_isSolid || !TablesRead) { bool keepDecompressing; RINOK(ReadTables(keepDecompressing)); if (!keepDecompressing) + { + _solidAllowed = true; return S_OK; + } } for (;;) @@ -870,6 +874,9 @@ if (!keepDecompressing) break; } + + _solidAllowed = true; + RINOK(WriteBuf()); UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize(); RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize)); @@ -890,6 +897,10 @@ if (!inSize) return E_INVALIDARG; + if (_isSolid && !_solidAllowed) + return S_FALSE; + _solidAllowed = false; + if (!_vmData) { _vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax); 
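Review bot: The Rar3Decoder.cpp hunk at -840,12 now relies on two flags that both describe whether earlier decoding left usable state: the existing `if (_errorMode) return S_FALSE;` in the context and the new `_solidAllowed`. Nothing visible says how they relate, for instance whether `_errorMode` can be set while `_solidAllowed` is still true. A short comment at the `_solidAllowed = true;` assignment, or on the member in Rar3Decoder.h, should state which flag covers which failure, along the lines of `// _errorMode: a decode error was seen; _solidAllowed: the previous item ran to completion`. Where `_errorMode` is set is not shown in these hunks, so that wording needs checking against the rest of the file.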
@@ -928,7 +939,7 @@ { if (size < 1) return E_INVALIDARG; - m_IsSolid = ((data[0] & 1) != 0); + _isSolid = ((data[0] & 1) != 0); return S_OK; } diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.h --- CVE-2018-5996_mod/CPP/7zip/Compress/Rar3Decoder.h 2019-03-06 22:04:37.659374132 +0800 +++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar3Decoder.h 2019-03-06 22:10:18.882278471 +0800 @@ -191,7 +191,8 @@ CRecordVector _tempFilters; UInt32 _lastFilter; - bool m_IsSolid; + bool _isSolid; + bool _solidAllowed; bool _errorMode; bool _lzMode; diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.cpp CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.cpp --- CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.cpp 2019-03-06 22:03:12.632738487 +0800 +++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.cpp 2019-03-06 22:10:18.882278471 +0800 @@ -72,6 +72,7 @@ _writtenFileSize(0), _dictSizeLog(0), _isSolid(false), + _solidAllowed(false), _wasInit(false), _inputBuf(NULL) { @@ -801,7 +802,10 @@ */ if (res == S_OK) + { + _solidAllowed = true; res = res2; + } if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize) return S_FALSE; @@ -821,6 +825,10 @@ { try { + if (_isSolid && !_solidAllowed) + return S_FALSE; + _solidAllowed = false; + if (_dictSizeLog >= sizeof(size_t) * 8) return E_NOTIMPL; diff -Nur CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.h CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.h --- CVE-2018-5996_mod/CPP/7zip/Compress/Rar5Decoder.h 2019-03-06 22:03:12.632738487 +0800 +++ CVE-2018-10115_mod/CPP/7zip/Compress/Rar5Decoder.h 2019-03-06 22:10:18.882278471 +0800 @@ -271,6 +271,7 @@ Byte _dictSizeLog; bool _tableWasFilled; bool _isSolid; + bool _solidAllowed; bool _wasInit; UInt32 _reps[kNumReps];
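Review bot: In the Rar5Decoder.cpp hunk at -801,7, `_solidAllowed = true;` is set inside `if (res == S_OK)` before `res = res2;` and before the following check `if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize) return S_FALSE;`. An item that fails through `res2`, or whose written size does not match the declared unpack size, therefore reports failure while still permitting the next solid item. If a failed item should block solid continuation, move the assignment below the size check and tie it to the final result, e.g. `_solidAllowed = (res == S_OK);` at the point where `res` is final. What `res` and `res2` come from is outside the hunk, so confirm which of them reflects decoder state before changing the order.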