authorLasse Collin <lasse.collin@tukaani.org>2022-09-16 17:08:53 +0300
committerLasse Collin <lasse.collin@tukaani.org>2022-09-17 00:21:54 +0300
commitea57b9aa2c3e1cdb667f8dd698314b1c36047018 (patch)
tree2aae469e5011cf0485d5a2b15b9ed024328c811e
parentliblzma: lzma_index_append: Add missing integer overflow check. (diff)
downloadxz-ea57b9aa2c3e1cdb667f8dd698314b1c36047018.tar.xz
Tests: Add a test file for lzma_index_append() integer overflow bug.
This test fails before commit 18d7facd3802b55c287581405c4d49c98708c136. test_files.sh now runs xz -l for bad-3-index-uncomp-overflow.xz because only then the previously-buggy code path gets tested. Normal decompression doesn't use lzma_index_append() at all. Instead, lzma_index_hash functions are used and those already did the overflow check.
-rw-r--r--tests/files/README10
-rw-r--r--tests/files/bad-3-index-uncomp-overflow.xzbin0 -> 132 bytes
-rwxr-xr-xtests/test_files.sh8
3 files changed, 18 insertions, 0 deletions
diff --git a/tests/files/README b/tests/files/README
index ba05aba5..3e550dfe 100644
--- a/tests/files/README
+++ b/tests/files/README
@@ -209,6 +209,16 @@
file gets rejected specifically due to Unpadded Size having an invalid
value.
+ bad-3-index-uncomp-overflow.xz has Index whose Uncompressed Size
+ fields have huge values whose sum exceeds the maximum allowed size
+ of 2^63 - 1 bytes. In this file the sum is exactly 2^64.
+ lzma_index_append() in liblzma <= 5.2.6 lacks the integer overflow
+ check for the uncompressed size and thus doesn't catch the error
+ when decoding the Index field in this file. This makes "xz -l"
+ not detect the error and will display 0 as the uncompressed size.
+ Note that regular decompression isn't affected by this bug because
+ it uses lzma_index_hash_append() instead.
+
bad-2-compressed_data_padding.xz has non-null byte in the padding of
the Compressed Data field of the first Block.
diff --git a/tests/files/bad-3-index-uncomp-overflow.xz b/tests/files/bad-3-index-uncomp-overflow.xz
new file mode 100644
index 00000000..e1440ec6
--- /dev/null
+++ b/tests/files/bad-3-index-uncomp-overflow.xz
Binary files differ
diff --git a/tests/test_files.sh b/tests/test_files.sh
index dc507912..8686b6db 100755
--- a/tests/test_files.sh
+++ b/tests/test_files.sh
@@ -53,6 +53,14 @@ do
fi
done
+# Testing for the lzma_index_append() bug in <= 5.2.6 needs "xz -l":
+I="$srcdir/files/bad-3-index-uncomp-overflow.xz"
+if test -n "$XZ" && "$XZ" -l "$I" > /dev/null 2>&1; then
+ echo "Bad file succeeded with xz -l: $I"
+ (exit 1)
+ exit 1
+fi
+
for I in "$srcdir"/files/good-*.lzma
do
if test -z "$XZ" || "$XZ" -dc "$I" > /dev/null; then
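Review bot: The new `xz -l` check treats every non-zero exit as a correct rejection, so it also passes when `$I` is absent or when xz is killed by a signal instead of reporting the bad Index. Unlike the glob loops around it, the path is hard-coded, so a missing file is not skipped but counted as a pass; `test -f "$I" || { echo "Missing test file: $I"; (exit 1); exit 1; }` before the `if` would catch that. For the crash case, the status could be saved and anything above 128 reported as a failure, since a regression test for an integer overflow should not hide a decoder crash. With stderr sent to /dev/null, nothing shows that the rejection came from the Index check; a comment noting this limit would help. The `for` loop that follows the added block continues outside the hunk.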