authorLasse Collin <lasse.collin@tukaani.org>2022-09-16 17:08:53 +0300
committerLasse Collin <lasse.collin@tukaani.org>2022-09-16 17:08:53 +0300
commitc3592d0a55114144686ecf960cb516d6b31c98e9 (patch)
treeb0b3558d0f8a9db2667e3e1239d7c1bb0afcbe9a
parentTranslations: Add Turkish translation. (diff)
downloadxz-c3592d0a55114144686ecf960cb516d6b31c98e9.tar.xz
Tests: Add a test file for lzma_index_append() integer overflow bug.
This test fails before commit 18d7facd3802b55c287581405c4d49c98708c136. test_files.sh now runs xz -l for bad-3-index-uncomp-overflow.xz because only then the previously-buggy code path gets tested. Normal decompression doesn't use lzma_index_append() at all. Instead, lzma_index_hash functions are used and those already did the overflow check.
-rw-r--r--tests/files/README10
-rw-r--r--tests/files/bad-3-index-uncomp-overflow.xzbin0 -> 132 bytes
-rwxr-xr-xtests/test_files.sh8
3 files changed, 18 insertions, 0 deletions
diff --git a/tests/files/README b/tests/files/README
index ba05aba5..3e550dfe 100644
--- a/tests/files/README
+++ b/tests/files/README
@@ -209,6 +209,16 @@
file gets rejected specifically due to Unpadded Size having an invalid
value.
+ bad-3-index-uncomp-overflow.xz has Index whose Uncompressed Size
+ fields have huge values whose sum exceeds the maximum allowed size
+ of 2^63 - 1 bytes. In this file the sum is exactly 2^64.
+ lzma_index_append() in liblzma <= 5.2.6 lacks the integer overflow
+ check for the uncompressed size and thus doesn't catch the error
+ when decoding the Index field in this file. This makes "xz -l"
+ not detect the error and will display 0 as the uncompressed size.
+ Note that regular decompression isn't affected by this bug because
+ it uses lzma_index_hash_append() instead.
+
bad-2-compressed_data_padding.xz has non-null byte in the padding of
the Compressed Data field of the first Block.
diff --git a/tests/files/bad-3-index-uncomp-overflow.xz b/tests/files/bad-3-index-uncomp-overflow.xz
new file mode 100644
index 00000000..e1440ec6
--- /dev/null
+++ b/tests/files/bad-3-index-uncomp-overflow.xz
Binary files differ
diff --git a/tests/test_files.sh b/tests/test_files.sh
index dc507912..8686b6db 100755
--- a/tests/test_files.sh
+++ b/tests/test_files.sh
@@ -53,6 +53,14 @@ do
fi
done
+# Testing for the lzma_index_append() bug in <= 5.2.6 needs "xz -l":
+I="$srcdir/files/bad-3-index-uncomp-overflow.xz"
+if test -n "$XZ" && "$XZ" -l "$I" > /dev/null 2>&1; then
+ echo "Bad file succeeded with xz -l: $I"
+ (exit 1)
+ exit 1
+fi
+
for I in "$srcdir"/files/good-*.lzma
do
if test -z "$XZ" || "$XZ" -dc "$I" > /dev/null; then
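Review bot: The added `xz -l` check fails the test only when xz exits 0, so every other outcome counts as a pass, including a missing `bad-3-index-uncomp-overflow.xz` (for instance if the binary file is not shipped with the tests) or xz being killed by a signal while decoding the Index. For a regression test of an integer overflow, a crash should be distinguishable from a clean rejection, and with stderr sent to /dev/null there is no diagnostic in either case. I would check that the file exists and require xz's documented error status 1, as below; the `|| rc=$?` form is used because the hunk does not show whether the script runs under `set -e`. The `for` loop after the added lines continues outside the hunk.

```shell
I="$srcdir/files/bad-3-index-uncomp-overflow.xz"
if test -n "$XZ"; then
	# A missing fixture must not look like a successful rejection.
	if test ! -f "$I"; then
		echo "Test file is missing: $I"
		(exit 1)
		exit 1
	fi

	# Status 1 is xz's error exit; 0 means the bad Index was accepted,
	# and anything else (e.g. death by signal) is not a clean rejection.
	rc=0
	"$XZ" -l "$I" > /dev/null 2>&1 || rc=$?
	if test "$rc" -ne 1; then
		echo "Bad file not cleanly rejected by xz -l (status $rc): $I"
		(exit 1)
		exit 1
	fi
fi
```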