diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-04-08 20:02:01 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-04-08 20:05:04 +0200 |
| commit | 38ccd6af8abbafff98d458a1c62909acfc09a514 (patch) | |
| tree | 1a4158db5c7e5e98111ff99d4a9078d93b4ccfcc /testsuite/bunzip2.tests | |
| parent | 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e (diff) | |
| download | busybox-38ccd6af8abbafff98d458a1c62909acfc09a514.tar.gz | |
bzip2: fix two crashes on corrupted archives
As it turns out, longjmp'ing into freed stack is not healthy...
function old new delta
unpack_usage_messages - 97 +97
unpack_bz2_stream 369 409 +40
get_next_block 1667 1677 +10
get_bits 156 155 -1
start_bunzip 212 183 -29
bb_show_usage 181 120 -61
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/3 up/down: 147/-91) Total: 56 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'testsuite/bunzip2.tests')
| -rwxr-xr-x | testsuite/bunzip2.tests | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/testsuite/bunzip2.tests b/testsuite/bunzip2.tests index fcfce1a31..edb332748 100755 --- a/testsuite/bunzip2.tests +++ b/testsuite/bunzip2.tests @@ -552,6 +552,22 @@ if test "${0##*/}" = "bunzip2.tests"; then echo "FAIL: $unpack: pbzip_4m_zeros file" FAILCOUNT=$((FAILCOUNT + 1)) fi + + errout="`${bb}bunzip2 <bz2_issue_11.bz2 2>&1 >/dev/null`" + if test x"$errout:$?" = x"bunzip2: bunzip error -5:1"; then + echo "PASS: $unpack: bz2_issue_11.bz2 corrupted example" + else + echo "FAIL: $unpack: bz2_issue_11.bz2 corrupted example" + FAILCOUNT=$((FAILCOUNT + 1)) + fi + + errout="`${bb}bunzip2 <bz2_issue_12.bz2 2>&1 >/dev/null`" + if test x"$errout:$?" = x"bunzip2: bunzip error -3:1"; then + echo "PASS: $unpack: bz2_issue_12.bz2 corrupted example" + else + echo "FAIL: $unpack: bz2_issue_12.bz2 corrupted example" + FAILCOUNT=$((FAILCOUNT + 1)) + fi fi exit $((FAILCOUNT <= 255 ? FAILCOUNT : 255)) |