镜像自地址
https://git.tukaani.org/xz.git
已同步 2025-09-18 08:28:24 +00:00
liblzma: Don't verify header CRC32s if building for fuzz testing.
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is #defined when liblzma is being built for fuzz testing. Most fuzzed inputs would normally get rejected because of incorrect CRC32 and the actual header decoding code wouldn't get fuzzed. Disabling CRC32 checks avoids this problem. The fuzzer program must still use LZMA_IGNORE_CHECK flag to disable verification of integrity checks of uncompressed data.
父节点
f76f7516d6
当前提交
a18ae42a79
@ -67,8 +67,11 @@ lzma_block_header_decode(lzma_block *block,
|
|||||||
const size_t in_size = block->header_size - 4;
|
const size_t in_size = block->header_size - 4;
|
||||||
|
|
||||||
// Verify CRC32
|
// Verify CRC32
|
||||||
if (lzma_crc32(in, in_size, 0) != unaligned_read32le(in + in_size))
|
if (lzma_crc32(in, in_size, 0) != unaligned_read32le(in + in_size)) {
|
||||||
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
return LZMA_DATA_ERROR;
|
return LZMA_DATA_ERROR;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
// Check for unsupported flags.
|
// Check for unsupported flags.
|
||||||
if (in[1] & 0x3C)
|
if (in[1] & 0x3C)
|
||||||
|
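Review bot: The new `#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` around `return LZMA_DATA_ERROR;` carries no comment, so the reason a CRC32 mismatch is ignored is recorded only in the commit message. A build that picks up this macro by accident would accept Block Headers with a bad CRC32 without any visible sign, so I would add a comment above the `#ifndef`, such as `// Fuzzing builds ignore a CRC32 mismatch so that mutated headers reach the decoding code below; never define this macro for a production build.` The same comment fits the identical guards in index_decode, lzma_index_hash_decode, lzma_stream_header_decode and lzma_stream_footer_decode. lzma_block_header_decode starts and ends outside this hunk.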
@ -180,8 +180,11 @@ index_decode(void *coder_ptr, const lzma_allocator *allocator,
|
|||||||
return LZMA_OK;
|
return LZMA_OK;
|
||||||
|
|
||||||
if (((coder->crc32 >> (coder->pos * 8)) & 0xFF)
|
if (((coder->crc32 >> (coder->pos * 8)) & 0xFF)
|
||||||
!= in[(*in_pos)++])
|
!= in[(*in_pos)++]) {
|
||||||
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
return LZMA_DATA_ERROR;
|
return LZMA_DATA_ERROR;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
} while (++coder->pos < 4);
|
} while (++coder->pos < 4);
|
||||||
|
|
||||||
|
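Review bot: In the loop that ends at `} while (++coder->pos < 4);` the guard has to stay inside the braces, because the condition reads `in[(*in_pos)++]` and so consumes one CRC32 byte per pass even when the result is ignored; nothing in the code says this. I would add a comment inside the braces, for example `// The comparison above still runs in fuzzing builds: it advances *in_pos past the CRC32 byte.` Without it a later cleanup could move the `#ifndef` around the whole `if`, and fuzzing builds would then no longer consume the four CRC32 bytes. lzma_index_hash_decode has the same construct with `index_hash->pos`. The start of the loop is outside the hunk.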
@ -313,8 +313,11 @@ lzma_index_hash_decode(lzma_index_hash *index_hash, const uint8_t *in,
|
|||||||
return LZMA_OK;
|
return LZMA_OK;
|
||||||
|
|
||||||
if (((index_hash->crc32 >> (index_hash->pos * 8))
|
if (((index_hash->crc32 >> (index_hash->pos * 8))
|
||||||
& 0xFF) != in[(*in_pos)++])
|
& 0xFF) != in[(*in_pos)++]) {
|
||||||
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
return LZMA_DATA_ERROR;
|
return LZMA_DATA_ERROR;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
} while (++index_hash->pos < 4);
|
} while (++index_hash->pos < 4);
|
||||||
|
|
||||||
|
@ -39,8 +39,11 @@ lzma_stream_header_decode(lzma_stream_flags *options, const uint8_t *in)
|
|||||||
const uint32_t crc = lzma_crc32(in + sizeof(lzma_header_magic),
|
const uint32_t crc = lzma_crc32(in + sizeof(lzma_header_magic),
|
||||||
LZMA_STREAM_FLAGS_SIZE, 0);
|
LZMA_STREAM_FLAGS_SIZE, 0);
|
||||||
if (crc != unaligned_read32le(in + sizeof(lzma_header_magic)
|
if (crc != unaligned_read32le(in + sizeof(lzma_header_magic)
|
||||||
+ LZMA_STREAM_FLAGS_SIZE))
|
+ LZMA_STREAM_FLAGS_SIZE)) {
|
||||||
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
return LZMA_DATA_ERROR;
|
return LZMA_DATA_ERROR;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
// Stream Flags
|
// Stream Flags
|
||||||
if (stream_flags_decode(options, in + sizeof(lzma_header_magic)))
|
if (stream_flags_decode(options, in + sizeof(lzma_header_magic)))
|
||||||
@ -67,8 +70,11 @@ lzma_stream_footer_decode(lzma_stream_flags *options, const uint8_t *in)
|
|||||||
// CRC32
|
// CRC32
|
||||||
const uint32_t crc = lzma_crc32(in + sizeof(uint32_t),
|
const uint32_t crc = lzma_crc32(in + sizeof(uint32_t),
|
||||||
sizeof(uint32_t) + LZMA_STREAM_FLAGS_SIZE, 0);
|
sizeof(uint32_t) + LZMA_STREAM_FLAGS_SIZE, 0);
|
||||||
if (crc != unaligned_read32le(in))
|
if (crc != unaligned_read32le(in)) {
|
||||||
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
return LZMA_DATA_ERROR;
|
return LZMA_DATA_ERROR;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
// Stream Flags
|
// Stream Flags
|
||||||
if (stream_flags_decode(options, in + sizeof(uint32_t) * 2))
|
if (stream_flags_decode(options, in + sizeof(uint32_t) * 2))
|
||||||
|