Annotation of /trunk/busybox/patches/busybox-1.24.1-unzip.patch
Parent Directory | Revision Log
Revision 2755 -
(hide annotations)
(download)
(as text)
Fri Jan 15 14:29:01 2016 UTC (8 years, 5 months ago) by niro
File MIME type: application/octet-stream
File size: 3871 byte(s)
Fri Jan 15 14:29:01 2016 UTC (8 years, 5 months ago) by niro
File MIME type: application/octet-stream
File size: 3871 byte(s)
-busybox-1.24.1 patches
1 | niro | 2755 | From 1de25a6e87e0e627aa34298105a3d17c60a1f44e Mon Sep 17 00:00:00 2001 |
2 | From: Denys Vlasenko <vda.linux@googlemail.com> | ||
3 | Date: Mon, 26 Oct 2015 19:33:05 +0100 | ||
4 | Subject: [PATCH] unzip: test for bad archive SEGVing | ||
5 | |||
6 | function old new delta | ||
7 | huft_build 1296 1300 +4 | ||
8 | |||
9 | Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> | ||
10 | --- | ||
11 | archival/libarchive/decompress_gunzip.c | 11 +++++++---- | ||
12 | testsuite/unzip.tests | 23 ++++++++++++++++++++++- | ||
13 | 2 files changed, 29 insertions(+), 5 deletions(-) | ||
14 | |||
15 | diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c | ||
16 | index 7b6f459..30bf451 100644 | ||
17 | --- a/archival/libarchive/decompress_gunzip.c | ||
18 | +++ b/archival/libarchive/decompress_gunzip.c | ||
19 | @@ -305,11 +305,12 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
20 | unsigned i; /* counter, current code */ | ||
21 | unsigned j; /* counter */ | ||
22 | int k; /* number of bits in current code */ | ||
23 | - unsigned *p; /* pointer into c[], b[], or v[] */ | ||
24 | + const unsigned *p; /* pointer into c[], b[], or v[] */ | ||
25 | huft_t *q; /* points to current table */ | ||
26 | huft_t r; /* table entry for structure assignment */ | ||
27 | huft_t *u[BMAX]; /* table stack */ | ||
28 | unsigned v[N_MAX]; /* values in order of bit length */ | ||
29 | + unsigned v_end; | ||
30 | int ws[BMAX + 1]; /* bits decoded stack */ | ||
31 | int w; /* bits decoded */ | ||
32 | unsigned x[BMAX + 1]; /* bit offsets, then code stack */ | ||
33 | @@ -324,7 +325,7 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
34 | |||
35 | /* Generate counts for each bit length */ | ||
36 | memset(c, 0, sizeof(c)); | ||
37 | - p = (unsigned *) b; /* cast allows us to reuse p for pointing to b */ | ||
38 | + p = b; | ||
39 | i = n; | ||
40 | do { | ||
41 | c[*p]++; /* assume all entries <= BMAX */ | ||
42 | @@ -365,12 +366,14 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
43 | } | ||
44 | |||
45 | /* Make a table of values in order of bit lengths */ | ||
46 | - p = (unsigned *) b; | ||
47 | + p = b; | ||
48 | i = 0; | ||
49 | + v_end = 0; | ||
50 | do { | ||
51 | j = *p++; | ||
52 | if (j != 0) { | ||
53 | v[x[j]++] = i; | ||
54 | + v_end = x[j]; | ||
55 | } | ||
56 | } while (++i < n); | ||
57 | |||
58 | @@ -432,7 +435,7 @@ static int huft_build(const unsigned *b, const unsigned n, | ||
59 | |||
60 | /* set up table entry in r */ | ||
61 | r.b = (unsigned char) (k - w); | ||
62 | - if (p >= v + n) { | ||
63 | + if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter! | ||
64 | r.e = 99; /* out of values--invalid code */ | ||
65 | } else if (*p < s) { | ||
66 | r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */ | ||
67 | diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests | ||
68 | index 8677a03..ca0a458 100755 | ||
69 | --- a/testsuite/unzip.tests | ||
70 | +++ b/testsuite/unzip.tests | ||
71 | @@ -7,7 +7,7 @@ | ||
72 | |||
73 | . ./testing.sh | ||
74 | |||
75 | -# testing "test name" "options" "expected result" "file input" "stdin" | ||
76 | +# testing "test name" "commands" "expected result" "file input" "stdin" | ||
77 | # file input will be file called "input" | ||
78 | # test can create a file "actual" instead of writing to stdout | ||
79 | |||
80 | @@ -30,6 +30,27 @@ testing "unzip (subdir only)" "unzip -q foo.zip foo/ && test -d foo && test ! -f | ||
81 | rmdir foo | ||
82 | rm foo.zip | ||
83 | |||
84 | +# File containing some damaged encrypted stream | ||
85 | +testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \ | ||
86 | +"Archive: bad.zip | ||
87 | + inflating: ]3j½r«IK-%Ix | ||
88 | +unzip: inflate error | ||
89 | +1 | ||
90 | +" \ | ||
91 | +"" "\ | ||
92 | +begin-base64 644 bad.zip | ||
93 | +UEsDBBQAAgkIAAAAIQA5AAAANwAAADwAAAAQAAcAXTNqwr1ywqtJGxJLLSVJ | ||
94 | +eCkBD0AdKBk8JzQsIj01JC0/ORJQSwMEFAECCAAAAAAhADoAAAAPAAAANgAA | ||
95 | +AAwAAQASw73Ct1DCokohPXQiNjoUNTUiHRwgLT4WHlBLAQIQABQAAggIAAAA | ||
96 | +oQA5AAAANwAAADwAAAAQQAcADAAAACwAMgCAAAAAAABdM2rCvXLCq0kbEkst | ||
97 | +JUl4KQEPQB0oGSY4Cz4QNgEnJSYIPVBLAQIAABQAAggAAAAAIQAqAAAADwAA | ||
98 | +BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW | ||
99 | +NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM= | ||
100 | +==== | ||
101 | +" | ||
102 | + | ||
103 | +rm * | ||
104 | + | ||
105 | # Clean up scratch directory. | ||
106 | |||
107 | cd .. | ||
108 | -- | ||
109 | 2.6.2 | ||
110 |
Properties
Name | Value |
---|---|
svn:mime-type | application/octet-stream |