diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2021-06-15 15:07:57 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2021-06-15 15:14:00 +0200 |
| commit | 04f052c56ded5ab6a904e3a264a73dc0412b2e78 (patch) | |
| tree | 607ac1970ec5f880b317f2937f9f664e52d65c44 /testsuite | |
| parent | 4d4fc5ca5ee4faae5dc4237f801d9527a3fb20cc (diff) | |
| download | busybox-04f052c56ded5ab6a904e3a264a73dc0412b2e78.tar.gz | |
unlzma: fix a case where we could read before beginning of buffer
Testcase:
21 01 01 00 00 00 00 00 e7 01 01 01 ef 00 df b6
00 17 02 10 11 0f ff 00 16 00 00
Unfortunately, the bug is not reliably causing a segfault,
the behavior depends on what's in memory before the buffer.
function old new delta
unpack_lzma_stream 2762 2768 +6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'testsuite')
| -rwxr-xr-x | testsuite/unlzma.tests | 17 | ||||
| -rw-r--r-- | testsuite/unlzma_issue_3.lzma | bin | 0 -> 27 bytes |
2 files changed, 13 insertions, 4 deletions
diff --git a/testsuite/unlzma.tests b/testsuite/unlzma.tests index 0e98afe09..fcc6e9441 100755 --- a/testsuite/unlzma.tests +++ b/testsuite/unlzma.tests @@ -8,14 +8,23 @@ # Damaged encrypted streams testing "unlzma (bad archive 1)" \ - "unlzma <unlzma_issue_1.lzma >/dev/null; echo \$?" \ -"1 + "unlzma <unlzma_issue_1.lzma 2>&1 >/dev/null; echo \$?" \ +"unlzma: corrupted data +1 " "" "" # Damaged encrypted streams testing "unlzma (bad archive 2)" \ - "unlzma <unlzma_issue_2.lzma >/dev/null; echo \$?" \ -"1 + "unlzma <unlzma_issue_2.lzma 2>&1 >/dev/null; echo \$?" \ +"unlzma: corrupted data +1 +" "" "" + +# Damaged encrypted streams +testing "unlzma (bad archive 3)" \ + "unlzma <unlzma_issue_3.lzma 2>&1 >/dev/null; echo \$?" \ +"unlzma: corrupted data +1 " "" "" exit $FAILCOUNT diff --git a/testsuite/unlzma_issue_3.lzma b/testsuite/unlzma_issue_3.lzma Binary files differnew file mode 100644 index 000000000..cc60f29e4 --- /dev/null +++ b/testsuite/unlzma_issue_3.lzma |