diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-04-08 20:45:16 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-04-08 20:45:16 +0200 |
| commit | a1870f4807a75663a085c9f5e92870fa7554f0ad (patch) | |
| tree | 7293c35ce6a4df9941c827e59c9b10708be0034e | |
| parent | 38ccd6af8abbafff98d458a1c62909acfc09a514 (diff) | |
| download | busybox-w32-a1870f4807a75663a085c9f5e92870fa7554f0ad.tar.gz busybox-w32-a1870f4807a75663a085c9f5e92870fa7554f0ad.tar.bz2 busybox-w32-a1870f4807a75663a085c9f5e92870fa7554f0ad.zip | |
unlzma: fix segfault on bad archive
function old new delta
unpack_lzma_stream 2647 2653 +6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | archival/libarchive/decompress_unlzma.c | 11 | ||||
| -rwxr-xr-x | testsuite/unlzma.tests | 21 | ||||
| -rw-r--r-- | testsuite/unlzma_issue_1.lzma | bin | 0 -> 171 bytes | |||
| -rw-r--r-- | testsuite/unlzma_issue_2.lzma | bin | 0 -> 261 bytes |
4 files changed, 32 insertions, 0 deletions
diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c index be4342414..80a453806 100644 --- a/archival/libarchive/decompress_unlzma.c +++ b/archival/libarchive/decompress_unlzma.c | |||
| @@ -11,6 +11,13 @@ | |||
| 11 | #include "libbb.h" | 11 | #include "libbb.h" |
| 12 | #include "bb_archive.h" | 12 | #include "bb_archive.h" |
| 13 | 13 | ||
| 14 | #if 0 | ||
| 15 | # define dbg(...) bb_error_msg(__VA_ARGS__) | ||
| 16 | #else | ||
| 17 | # define dbg(...) ((void)0) | ||
| 18 | #endif | ||
| 19 | |||
| 20 | |||
| 14 | #if ENABLE_FEATURE_LZMA_FAST | 21 | #if ENABLE_FEATURE_LZMA_FAST |
| 15 | # define speed_inline ALWAYS_INLINE | 22 | # define speed_inline ALWAYS_INLINE |
| 16 | # define size_inline | 23 | # define size_inline |
| @@ -417,6 +424,10 @@ unpack_lzma_stream(transformer_state_t *xstate) | |||
| 417 | for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--) | 424 | for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--) |
| 418 | rep0 = (rep0 << 1) | rc_direct_bit(rc); | 425 | rep0 = (rep0 << 1) | rc_direct_bit(rc); |
| 419 | rep0 <<= LZMA_NUM_ALIGN_BITS; | 426 | rep0 <<= LZMA_NUM_ALIGN_BITS; |
| 427 | if ((int32_t)rep0 < 0) { | ||
| 428 | dbg("%d rep0:%d", __LINE__, rep0); | ||
| 429 | goto bad; | ||
| 430 | } | ||
| 420 | prob3 = p + LZMA_ALIGN; | 431 | prob3 = p + LZMA_ALIGN; |
| 421 | } | 432 | } |
| 422 | i2 = 1; | 433 | i2 = 1; |
diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests new file mode 100755 index 000000000..0e98afe09 --- /dev/null +++ b/testsuite/unlzma.tests | |||
| @@ -0,0 +1,21 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | |||
| 3 | . ./testing.sh | ||
| 4 | |||
| 5 | # testing "test name" "commands" "expected result" "file input" "stdin" | ||
| 6 | # file input will be file called "input" | ||
| 7 | # test can create a file "actual" instead of writing to stdout | ||
| 8 | |||
| 9 | # Damaged encrypted streams | ||
| 10 | testing "unlzma (bad archive 1)" \ | ||
| 11 | "unlzma <unlzma_issue_1.lzma >/dev/null; echo \$?" \ | ||
| 12 | "1 | ||
| 13 | " "" "" | ||
| 14 | |||
| 15 | # Damaged encrypted streams | ||
| 16 | testing "unlzma (bad archive 2)" \ | ||
| 17 | "unlzma <unlzma_issue_2.lzma >/dev/null; echo \$?" \ | ||
| 18 | "1 | ||
| 19 | " "" "" | ||
| 20 | |||
| 21 | exit $FAILCOUNT | ||
diff --git a/testsuite/unlzma_issue_1.lzma b/testsuite/unlzma_issue_1.lzma new file mode 100644 index 000000000..fb70104ba --- /dev/null +++ b/testsuite/unlzma_issue_1.lzma | |||
| Binary files differ | |||
diff --git a/testsuite/unlzma_issue_2.lzma b/testsuite/unlzma_issue_2.lzma new file mode 100644 index 000000000..853f0fc29 --- /dev/null +++ b/testsuite/unlzma_issue_2.lzma | |||
| Binary files differ | |||