bzip2: fix two crashes on corrupted archives
As it turns out, longjmp'ing into freed stack is not healthy... function old new delta unpack_usage_messages - 97 +97 unpack_bz2_stream 369 409 +40 get_next_block 1667 1677 +10 get_bits 156 155 -1 start_bunzip 212 183 -29 bb_show_usage 181 120 -61 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 2/3 up/down: 147/-91) Total: 56 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
@@ -552,6 +552,22 @@ if test "${0##*/}" = "bunzip2.tests"; then
|
||||
echo "FAIL: $unpack: pbzip_4m_zeros file"
|
||||
FAILCOUNT=$((FAILCOUNT + 1))
|
||||
fi
|
||||
|
||||
errout="`${bb}bunzip2 <bz2_issue_11.bz2 2>&1 >/dev/null`"
|
||||
if test x"$errout:$?" = x"bunzip2: bunzip error -5:1"; then
|
||||
echo "PASS: $unpack: bz2_issue_11.bz2 corrupted example"
|
||||
else
|
||||
echo "FAIL: $unpack: bz2_issue_11.bz2 corrupted example"
|
||||
FAILCOUNT=$((FAILCOUNT + 1))
|
||||
fi
|
||||
|
||||
errout="`${bb}bunzip2 <bz2_issue_12.bz2 2>&1 >/dev/null`"
|
||||
if test x"$errout:$?" = x"bunzip2: bunzip error -3:1"; then
|
||||
echo "PASS: $unpack: bz2_issue_12.bz2 corrupted example"
|
||||
else
|
||||
echo "FAIL: $unpack: bz2_issue_12.bz2 corrupted example"
|
||||
FAILCOUNT=$((FAILCOUNT + 1))
|
||||
fi
|
||||
fi
|
||||
|
||||
exit $((FAILCOUNT <= 255 ? FAILCOUNT : 255))
|
||||
|
BIN
testsuite/bz2_issue_11.bz2
Normal file
BIN
testsuite/bz2_issue_11.bz2
Normal file
Binary file not shown.
BIN
testsuite/bz2_issue_12.bz2
Normal file
BIN
testsuite/bz2_issue_12.bz2
Normal file
Binary file not shown.
Reference in New Issue
Block a user