mirror of https://git.tukaani.org/xz.git
Tests: Add a test file for lzma_index_append() integer overflow bug.
This test fails before commit 18d7facd38
.
test_files.sh now runs xz -l for bad-3-index-uncomp-overflow.xz
because only then the previously-buggy code path gets tested.
Normal decompression doesn't use lzma_index_append() at all.
Instead, lzma_index_hash functions are used and those already
did the overflow check.
This commit is contained in:
parent
72e1645a43
commit
ea57b9aa2c
|
@ -209,6 +209,16 @@
|
||||||
file gets rejected specifically due to Unpadded Size having an invalid
|
file gets rejected specifically due to Unpadded Size having an invalid
|
||||||
value.
|
value.
|
||||||
|
|
||||||
|
bad-3-index-uncomp-overflow.xz has Index whose Uncompressed Size
|
||||||
|
fields have huge values whose sum exceeds the maximum allowed size
|
||||||
|
of 2^63 - 1 bytes. In this file the sum is exactly 2^64.
|
||||||
|
lzma_index_append() in liblzma <= 5.2.6 lacks the integer overflow
|
||||||
|
check for the uncompressed size and thus doesn't catch the error
|
||||||
|
when decoding the Index field in this file. This makes "xz -l"
|
||||||
|
not detect the error and will display 0 as the uncompressed size.
|
||||||
|
Note that regular decompression isn't affected by this bug because
|
||||||
|
it uses lzma_index_hash_append() instead.
|
||||||
|
|
||||||
bad-2-compressed_data_padding.xz has non-null byte in the padding of
|
bad-2-compressed_data_padding.xz has non-null byte in the padding of
|
||||||
the Compressed Data field of the first Block.
|
the Compressed Data field of the first Block.
|
||||||
|
|
||||||
|
|
Binary file not shown.
|
@ -53,6 +53,14 @@ do
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Testing for the lzma_index_append() bug in <= 5.2.6 needs "xz -l":
|
||||||
|
I="$srcdir/files/bad-3-index-uncomp-overflow.xz"
|
||||||
|
if test -n "$XZ" && "$XZ" -l "$I" > /dev/null 2>&1; then
|
||||||
|
echo "Bad file succeeded with xz -l: $I"
|
||||||
|
(exit 1)
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
for I in "$srcdir"/files/good-*.lzma
|
for I in "$srcdir"/files/good-*.lzma
|
||||||
do
|
do
|
||||||
if test -z "$XZ" || "$XZ" -dc "$I" > /dev/null; then
|
if test -z "$XZ" || "$XZ" -dc "$I" > /dev/null; then
|
||||||
|
|
Loading…
Reference in New Issue