Magellan Linux

  • Back to homepage
    • /[pkg-src]/trunk/busybox/patches/busybox-1.24.1-unzip-regression.patch

    Annotation of /trunk/busybox/patches/busybox-1.24.1-unzip-regression.patch

    Parent Directory Parent Directory | Revision Log Revision Log

    Revision 2755 - (hide annotations) (download) (as text)
    Fri Jan 15 14:29:01 2016 UTC (8 years, 4 months ago) by niro
    File MIME type: application/octet-stream
    File size: 4383 byte(s) 
    -busybox-1.24.1 patches
    1 niro 2755 From 092fabcf1df5d46cd22be4ffcd3b871f6180eb9c Mon Sep 17 00:00:00 2001
    2     From: Denys Vlasenko <vda.linux@googlemail.com>
    3     Date: Fri, 30 Oct 2015 23:41:53 +0100
    4     Subject: [PATCH] [g]unzip: fix recent breakage.
    5    
    6     Also, do emit error message we so painstakingly pass from gzip internals
    7    
    8     Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
    9     (cherry picked from commit 6bd3fff51aa74e2ee2d87887b12182a3b09792ef)
    10     Signed-off-by: Mike Frysinger <vapier@gentoo.org>
    11     ---
    12     archival/libarchive/decompress_gunzip.c | 33 +++++++++++++++++++++------------
    13     testsuite/unzip.tests | 1 +
    14     2 files changed, 22 insertions(+), 12 deletions(-)
    15    
    16     diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
    17     index c76fd31..357c9bf 100644
    18     --- a/archival/libarchive/decompress_gunzip.c
    19     +++ b/archival/libarchive/decompress_gunzip.c
    20     @@ -309,8 +309,7 @@ static int huft_build(const unsigned *b, const unsigned n,
    21     huft_t *q; /* points to current table */
    22     huft_t r; /* table entry for structure assignment */
    23     huft_t *u[BMAX]; /* table stack */
    24     - unsigned v[N_MAX]; /* values in order of bit length */
    25     - unsigned v_end;
    26     + unsigned v[N_MAX + 1]; /* values in order of bit length. last v[] is never used */
    27     int ws[BMAX + 1]; /* bits decoded stack */
    28     int w; /* bits decoded */
    29     unsigned x[BMAX + 1]; /* bit offsets, then code stack */
    30     @@ -365,15 +364,17 @@ static int huft_build(const unsigned *b, const unsigned n,
    31     *xp++ = j;
    32     }
    33    
    34     - /* Make a table of values in order of bit lengths */
    35     + /* Make a table of values in order of bit lengths.
    36     + * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
    37     + * In particular, last v[i] is never filled and must not be accessed.
    38     + */
    39     + memset(v, 0xff, sizeof(v));
    40     p = b;
    41     i = 0;
    42     - v_end = 0;
    43     do {
    44     j = *p++;
    45     if (j != 0) {
    46     v[x[j]++] = i;
    47     - v_end = x[j];
    48     }
    49     } while (++i < n);
    50    
    51     @@ -435,7 +436,9 @@ static int huft_build(const unsigned *b, const unsigned n,
    52    
    53     /* set up table entry in r */
    54     r.b = (unsigned char) (k - w);
    55     - if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
    56     + if (/*p >= v + n || -- redundant, caught by the second check: */
    57     + *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/
    58     + ) {
    59     r.e = 99; /* out of values--invalid code */
    60     } else if (*p < s) {
    61     r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */
    62     @@ -520,8 +523,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
    63     e = t->e;
    64     if (e > 16)
    65     do {
    66     - if (e == 99)
    67     - abort_unzip(PASS_STATE_ONLY);;
    68     + if (e == 99) {
    69     + abort_unzip(PASS_STATE_ONLY);
    70     + }
    71     bb >>= t->b;
    72     k -= t->b;
    73     e -= 16;
    74     @@ -557,8 +561,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
    75     e = t->e;
    76     if (e > 16)
    77     do {
    78     - if (e == 99)
    79     + if (e == 99) {
    80     abort_unzip(PASS_STATE_ONLY);
    81     + }
    82     bb >>= t->b;
    83     k -= t->b;
    84     e -= 16;
    85     @@ -824,8 +829,9 @@ static int inflate_block(STATE_PARAM smallint *e)
    86    
    87     b_dynamic >>= 4;
    88     k_dynamic -= 4;
    89     - if (nl > 286 || nd > 30)
    90     + if (nl > 286 || nd > 30) {
    91     abort_unzip(PASS_STATE_ONLY); /* bad lengths */
    92     + }
    93    
    94     /* read in bit-length-code lengths */
    95     for (j = 0; j < nb; j++) {
    96     @@ -906,12 +912,14 @@ static int inflate_block(STATE_PARAM smallint *e)
    97     bl = lbits;
    98    
    99     i = huft_build(ll, nl, 257, cplens, cplext, &inflate_codes_tl, &bl);
    100     - if (i != 0)
    101     + if (i != 0) {
    102     abort_unzip(PASS_STATE_ONLY);
    103     + }
    104     bd = dbits;
    105     i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &inflate_codes_td, &bd);
    106     - if (i != 0)
    107     + if (i != 0) {
    108     abort_unzip(PASS_STATE_ONLY);
    109     + }
    110    
    111     /* set up data for inflate_codes() */
    112     inflate_codes_setup(PASS_STATE bl, bd);
    113     @@ -999,6 +1007,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
    114     error_msg = "corrupted data";
    115     if (setjmp(error_jmp)) {
    116     /* Error from deep inside zip machinery */
    117     + bb_error_msg(error_msg);
    118     n = -1;
    119     goto ret;
    120     }
    121     diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
    122     index ca0a458..d8738a3 100755
    123     --- a/testsuite/unzip.tests
    124     +++ b/testsuite/unzip.tests
    125     @@ -34,6 +34,7 @@ rm foo.zip
    126     testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
    127     "Archive: bad.zip
    128     inflating: ]3j½r«IK-%Ix
    129     +unzip: corrupted data
    130     unzip: inflate error
    131     1
    132     " \
    133     --
    134     2.6.2
    135    

    Properties

    Name Value
    svn:mime-type application/octet-stream