From 38ccd6af8abbafff98d458a1c62909acfc09a514 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Sun, 8 Apr 2018 20:02:01 +0200
Subject: bzip2: fix two crashes on corrupted archives

As it turns out, longjmp'ing into freed stack is not healthy...

function old new delta
unpack_usage_messages - 97 +97
unpack_bz2_stream 369 409 +40
get_next_block 1667 1677 +10
get_bits 156 155 -1
start_bunzip 212 183 -29
bb_show_usage 181 120 -61
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/3 up/down: 147/-91) Total: 56 bytes

Signed-off-by: Denys Vlasenko
---
 testsuite/bunzip2.tests | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'testsuite/bunzip2.tests')
diff --git a/testsuite/bunzip2.tests b/testsuite/bunzip2.tests
index fcfce1a31..edb332748 100755
--- a/testsuite/bunzip2.tests
+++ b/testsuite/bunzip2.tests
@@ -552,6 +552,22 @@ if test "${0##*/}" = "bunzip2.tests"; then
 echo "FAIL: $unpack: pbzip_4m_zeros file"
 FAILCOUNT=$((FAILCOUNT + 1))
 fi
+
+ errout="`${bb}bunzip2 &1 >/dev/null`"
+ if test x"$errout:$?" = x"bunzip2: bunzip error -5:1"; then
+ echo "PASS: $unpack: bz2_issue_11.bz2 corrupted example"
+ else
+ echo "FAIL: $unpack: bz2_issue_11.bz2 corrupted example"
+ FAILCOUNT=$((FAILCOUNT + 1))
+ fi
+
+ errout="`${bb}bunzip2 &1 >/dev/null`"
+ if test x"$errout:$?" = x"bunzip2: bunzip error -3:1"; then
+ echo "PASS: $unpack: bz2_issue_12.bz2 corrupted example"
+ else
+ echo "FAIL: $unpack: bz2_issue_12.bz2 corrupted example"
+ FAILCOUNT=$((FAILCOUNT + 1))
+ fi
 fi
 exit $((FAILCOUNT <= 255 ? FAILCOUNT : 255))
-- cgit v1.2.3
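Review bot: The two added stanzas compare `$errout:$?` with an exact message and status, which catches a crash (a signal would change both) but cannot show that the decoder no longer touches the dead stack frame the commit message describes. A build that corrupts memory without faulting would still print `bunzip error -5` and exit 1, so these two inputs are worth running in a sanitizer- or valgrind-instrumented build as well. A comment above each stanza such as `# regression: corrupted input must fail cleanly with exit 1, not crash` would record why the exact codes -5 and -3 are pinned. As rendered here, `${bb}bunzip2 &1 >/dev/null` names no input file, so the redirection from bz2_issue_11.bz2 and bz2_issue_12.bz2 was presumably lost in extraction and should be checked against the repository. The enclosing `if test "${0##*/}" = "bunzip2.tests"` block starts outside the hunk.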