| Commit message (Collapse) | Author | Age | Files | Lines |
|
discussion in gh-1017).
|
Validate entry_bytes_remaining in pax_attribute
|
The `size` attribute may contain a negative or too large value. Check
the range of the `entry_bytes_remaining` in `pax_attribute` the same way
as `header_common`. The test which is added passes both with and without
this change in a normal debug build. It is necessary to run with
`-fsanitize=undefined` to see that the undefined behavior is avoided.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48467
|
Also changed a few vsprintf to vsnprintf.
Most cases were trivial, one private function was changed to take the buffer length, one case required some fancy arithmetic.
|
Fix compile on Android
|
Fixes: #890
|
Bionic c deprecates readdir_r too
|
* See https://android.googlesource.com/platform/bionic/+/f19af37b5ee6cd5283683195d692fe3f713db2a5
|
archive_digest: Use correct providers with Windows Crypto
|
Trying to use SHA256, SHA384 or SHA512 with mtree when linked against
Windows Crypto would result in silent failure. The call to
`CryptCreateHash` would fail with 0x80090008. The docs[1] say that
these algorithms require a different crypto provider, so let's make
that a parameter for `win_crypto_init` and choose at the call site along
with the algorithm.
[1] https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id
Signed-off-by: David Macek <david.macek.0@gmail.com>
|
The function returns 0 on error, which is seemingly very common with
OpenSSL 3.0 and rmd160.
Just error check the lot, so we don't get even more random failures with
future releases of OpenSSL.
Fixes #1549
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
|
OSS-Fuzz issue 46279
Fixes #1715
|
OSS-Fuzz issue: 38764
Fixes #1685
|
Fixes #1672
|
HP-UX provides neither a function nor a macro. This solution is based on an
issue with vim: https://github.com/vim/vim/issues/6838
|
Add safety check to run_filters() and fix return codes
Reported-by: OSS-Fuzz #44843
|
windows: include archive_platform.h first in blake2s sources
|
Move the inclusion added by commit 90978db1 (windows: make sure we use
the right calling convention for libc, 2021-10-13, v3.6.0~39^2~1) to be
first. This is our convention in all other `.c` sources. It ensures
that our configured `_WIN32_WINNT` value is defined before including any
system headers.
|
Fix some test failures when building --without-zlib
|
Fix expected error messages when libarchive is compiled --without-zlib,
in order to fix test failures.
|
Rework function expand() to process integer passed by reference
and return an archive error code.
Fixes: 01a2d329dfc7 (support rar filters)
Reported-by: OSS-Fuzz #44547
|
Reorganize test code a bit
|
A few guiding principles:
* Each test source file includes ONLY "test.h" to make it easy
  to create new tests.
* Each test suite has a "test.h" that includes "test_util/test_common.h"
  to get access to all the common testing utility functions.
So "test_common.h" is then responsible for including
any smaller headers that declare specific pieces of
shared test functionality.
I've also pulled some test filtering logic that was _only_ used
in test_main.c into that file, and repurposed "test_utils.[ch]"
for common utility code. (Eventually, a lot of the assertion
helpers currently in "test_main.c" should probably be organized
into one or more source files of their own.)
|
Enable LZMA support for FreeBSD
|
All supported FreeBSD releases have LZMA by default.
|
RAR5 reader: add more checks for invalid extraction parameters
|
Some specially crafted files declare invalid extraction parameters that
can confuse the RAR5 reader.
One of the arguments is the declared window size parameter that the
archive file can declare for each file stored in the archive. Some
crafted files declare window size equal to 0, which is clearly wrong.
This commit adds additional safety checks decreasing the tolerance of
the RAR5 format.
This commit also contains OSSFuzz sample #30459.
|
Extra "dot" in line 176 of libarchive/archive_read_support_filter_lzop.c
|
RAR5 reader uses several variables to manage the window buffer during
extraction: the buffer itself (`window_buf`), the current size of the
window buffer (`window_size`), and a helper variable (`window_mask`)
that is used to constrain read and write offsets to the window buffer.
Some specially crafted files can force the unpacker to update the
`window_mask` variable to a value that is out of sync with the current
buffer size. If the `window_mask` is bigger than the actual buffer
size, then an invalid access operation can happen (SIGSEGV).
This commit ensures that if the `window_size` and `window_mask` are
changed, the window buffer will be reallocated to the proper size, so no
invalid memory operation should be possible.
This commit contains a test file from OSSFuzz #30442.
|
Reduce test_write_format_7zip_large_lzma1 buffer size
|
Some of the test_write_format_7zip_large take longer than 10 minutes to
run on QEMU-RISC-V and therefore time out when run as part of the FreeBSD
test suite. This is even more noticeable when running on a CHERI-enabled
QEMU since the emulation of tagged memory makes it run slower.
On my local machine the impact is not as extreme, but
test_write_format_7zip_large_lzma1 takes 375ms when TEST_SLOW_HOST is set
and 8.2 seconds normally (i.e. 22 times slower).
The other alternative would be to skip these tests when not running on
real hardware, but it seems to me that compressing a smaller amount of
random data is preferable.
|
Include android_lf.h only for libarchive sources
|
The fix is analogous to the behavior in case of bzip2 compression.
|
ZIP reader: added support for Zstd decompression
|