diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-02-04 00:15:29 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-02-04 00:15:29 +0100 |
| commit | 2598915d43d7403e72d312ac426e585499e94173 (patch) | |
| tree | cb1e0e0decc6872e42081274647c8ec8786f8155 | |
| parent | 0e60a36c929e57e47d5de8e1ac0e53d4ec185a70 (diff) | |
| download | busybox-w32-2598915d43d7403e72d312ac426e585499e94173.tar.gz busybox-w32-2598915d43d7403e72d312ac426e585499e94173.tar.bz2 busybox-w32-2598915d43d7403e72d312ac426e585499e94173.zip | |
gunzip: fix from gzip-1.3.12 for gzip file with all zero length codes
Corresponding changelog from gzip-1.3.12 reads:
"""
2006-12-20 Paul Eggert <eggert@cs.ucla.edu>
* inflate.c (huft_build): Fix regression that caused gzip to
refuse to uncompress null input (all zero length codes). Problem
reported by Yiorgos Adamopoulos. This regression was caused by
the security patch installed 2006-11-20, which in turn came from
Debian, which in turn apparently came from Thomas Biege of SuSe.
"""
function old new delta
huft_build 1176 1216 +40
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | archival/libarchive/decompress_gunzip.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c index edff7e0e5..9a58d10d4 100644 --- a/archival/libarchive/decompress_gunzip.c +++ b/archival/libarchive/decompress_gunzip.c | |||
| @@ -280,8 +280,8 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current | |||
| 280 | /* Given a list of code lengths and a maximum table size, make a set of | 280 | /* Given a list of code lengths and a maximum table size, make a set of |
| 281 | * tables to decode that set of codes. Return zero on success, one if | 281 | * tables to decode that set of codes. Return zero on success, one if |
| 282 | * the given code set is incomplete (the tables are still built in this | 282 | * the given code set is incomplete (the tables are still built in this |
| 283 | * case), two if the input is invalid (all zero length codes or an | 283 | * case), two if the input is invalid (an oversubscribed set of lengths) |
| 284 | * oversubscribed set of lengths) - in this case stores NULL in *t. | 284 | * - in this case stores NULL in *t. |
| 285 | * | 285 | * |
| 286 | * b: code lengths in bits (all assumed <= BMAX) | 286 | * b: code lengths in bits (all assumed <= BMAX) |
| 287 | * n: number of codes (assumed <= N_MAX) | 287 | * n: number of codes (assumed <= N_MAX) |
| @@ -330,8 +330,15 @@ static int huft_build(const unsigned *b, const unsigned n, | |||
| 330 | p++; /* can't combine with above line (Solaris bug) */ | 330 | p++; /* can't combine with above line (Solaris bug) */ |
| 331 | } while (--i); | 331 | } while (--i); |
| 332 | if (c[0] == n) { /* null input - all zero length codes */ | 332 | if (c[0] == n) { /* null input - all zero length codes */ |
| 333 | *m = 0; | 333 | q = xzalloc(3 * sizeof(*q)); |
| 334 | return 2; | 334 | //q[0].v.t = NULL; |
| 335 | q[1].e = 99; /* invalid code marker */ | ||
| 336 | q[1].b = 1; | ||
| 337 | q[2].e = 99; /* invalid code marker */ | ||
| 338 | q[2].b = 1; | ||
| 339 | *t = q + 1; | ||
| 340 | *m = 1; | ||
| 341 | return 0; | ||
| 335 | } | 342 | } |
| 336 | 343 | ||
| 337 | /* Find minimum and maximum length, bound *m by those */ | 344 | /* Find minimum and maximum length, bound *m by those */ |