authorLasse Collin <lasse.collin@tukaani.org>2018-10-26 22:49:10 +0300
committerLasse Collin <lasse.collin@tukaani.org>2018-10-26 22:49:10 +0300
commita18ae42a79a19b1394b41eb3e238139fd28012ec (patch)
treef2394d743768860000ba45774dab932eafb87fcb /src/liblzma/common/stream_flags_decoder.c
parentxzless: Rename unused variables to silence static analysers. (diff)
downloadxz-a18ae42a79a19b1394b41eb3e238139fd28012ec.tar.xz
liblzma: Don't verify header CRC32s if building for fuzz testing.
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is #defined when liblzma is being built for fuzz testing. Most fuzzed inputs would normally get rejected because of incorrect CRC32 and the actual header decoding code wouldn't get fuzzed. Disabling CRC32 checks avoids this problem. The fuzzer program must still use LZMA_IGNORE_CHECK flag to disable verification of integrity checks of uncompressed data.
Diffstat (limited to 'src/liblzma/common/stream_flags_decoder.c')
-rw-r--r--src/liblzma/common/stream_flags_decoder.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/liblzma/common/stream_flags_decoder.c b/src/liblzma/common/stream_flags_decoder.c
index 1bc2f97c..84f9467f 100644
--- a/src/liblzma/common/stream_flags_decoder.c
+++ b/src/liblzma/common/stream_flags_decoder.c
@@ -39,8 +39,11 @@ lzma_stream_header_decode(lzma_stream_flags *options, const uint8_t *in)
const uint32_t crc = lzma_crc32(in + sizeof(lzma_header_magic),
LZMA_STREAM_FLAGS_SIZE, 0);
if (crc != unaligned_read32le(in + sizeof(lzma_header_magic)
- + LZMA_STREAM_FLAGS_SIZE))
+ + LZMA_STREAM_FLAGS_SIZE)) {
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
return LZMA_DATA_ERROR;
+#endif
+ }
// Stream Flags
if (stream_flags_decode(options, in + sizeof(lzma_header_magic)))
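Review bot: The `#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` around `return LZMA_DATA_ERROR;` carries no comment in the code, so the reason a CRC32 mismatch falls through to `stream_flags_decode()` is recorded only in the commit message; the identical guard in the lzma_stream_footer_decode hunk has the same gap. I would add `// Fuzzing builds ignore a CRC32 mismatch so that the header decoding below still gets exercised.` directly above each `#ifndef`. Because defining this macro makes the decoder accept Stream Headers and Footers with a wrong CRC32, the comment should also say that such a build must never be shipped. Whether the build system already guards against the macro being set in a release build cannot be seen from these hunks. Both function bodies start and end outside the hunks.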
@@ -67,8 +70,11 @@ lzma_stream_footer_decode(lzma_stream_flags *options, const uint8_t *in)
// CRC32
const uint32_t crc = lzma_crc32(in + sizeof(uint32_t),
sizeof(uint32_t) + LZMA_STREAM_FLAGS_SIZE, 0);
- if (crc != unaligned_read32le(in))
+ if (crc != unaligned_read32le(in)) {
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
return LZMA_DATA_ERROR;
+#endif
+ }
// Stream Flags
if (stream_flags_decode(options, in + sizeof(uint32_t) * 2))