From 79f88bd1e54d6042fbe50c212f836920fa208e56 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 16 Oct 2017 01:02:54 -0700 Subject: [PATCH] gzip: fix bug in unpack EOB check Problem reported by Vidar Holen (Bug#28861). * NEWS: Mention fix. * tests/unpack-valid: New test. * tests/Makefile.am (TESTS): Add it. * unpack.c (build_tree): Report an error if Huffman tree has too few leaves. * unpack.c (unpack): Fix check for EOB. Remove now-unnecessary check for code out of range. --- NEWS | 3 +++ tests/Makefile.am | 1 + tests/unpack-valid | 32 ++++++++++++++++++++++++++++++++ unpack.c | 7 ++++--- 4 files changed, 40 insertions(+), 3 deletions(-) create mode 100755 tests/unpack-valid diff --git a/NEWS b/NEWS index 50b2e99..4a280c4 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,9 @@ GNU gzip NEWS -*- outline -*- ** Bug fixes + When decompressing data in 'pack' format, gzip no longer mishandles + leading zeros in the end-of-block code. [bug introduced in gzip-1.6] + When converting timestamps to gzip file format (32-bit unsigned) or to time_t format (system-dependent), gzip now ignores out-of-range values instead of shoehorning them into the destination format, diff --git a/tests/Makefile.am b/tests/Makefile.am index df1789d..3b1c824 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -28,6 +28,7 @@ TESTS = \ timestamp \ trailing-nul \ unpack-invalid \ + unpack-valid \ z-suffix \ zdiff \ zgrep-f \ diff --git a/tests/unpack-valid b/tests/unpack-valid new file mode 100755 index 0000000..2348466 --- /dev/null +++ b/tests/unpack-valid 
@@ -0,0 +1,32 @@
+#!/bin/sh
+# Test end-of-block check in unpack code
+
+# Copyright 2017 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+# limit so don't run it by default.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ..
+
+printf banana >exp || framework_failure_
+printf '\x1f\x1e\x00\x00\x00\x06\x03\x01\x01\x00\x61\x6e\x62\x16\xc8' >test.z \
+ || framework_failure_
+
+fail=0
+gzip -dc test.z > out 2> err || fail=1
+
+compare exp out || fail=1
+compare /dev/null err || fail=1
+
+Exit $fail
diff --git a/unpack.c b/unpack.c
index c1a3684..04ab705 100644
--- a/unpack.c
+++ b/unpack.c
@@ -186,6 +186,9 @@ local void build_tree()
 /* Restore nodes to be parents+leaves: */
 nodes += leaves[len];
 }
+ if ((nodes >> 1) != 1)
+ gzip_error ("too few leaves in Huffman tree");
+
 /* Construct the prefix table, from shortest leaves to longest ones.
 * The shortest code is all ones, so we start at the end of the table.
 */
@@ -250,10 +253,8 @@ int unpack(in, out)
 }
 }
 /* At this point, peek is the next complete code, of len bits */
- if (peek == eob)
+ if (peek == eob && len == max_len)
 break; /* End of file. */
- if (eob < peek)
- gzip_error ("invalid compressed data--code out of range");
 put_ubyte(literal[peek+lit_base[len]]);
 Tracev((stderr,"%02d %04x %c\n", len, peek,
 literal[peek+lit_base[len]]));
--
2.11.4.GIT
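Review bot: The `printf '\x1f\x1e…'` line in tests/unpack-valid uses `\x` hexadecimal escapes, which POSIX does not define for printf. Under a `/bin/sh` whose printf understands only octal escapes, test.z would hold the literal text and the test would fail for a reason unrelated to unpack. Octal escapes give the same bytes portably: `printf '\037\036\000\000\000\006\003\001\001\000\141\156\142\026\310' >test.z \`. The header comment also carries a stray line, `# limit so don't run it by default.`, which does not belong to the licence text and contradicts the test being added to TESTS; it can be dropped.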
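Review bot: In the build_tree hunk, the condition `(nodes >> 1) != 1` and its message do not say the same thing. The test passes for `nodes` equal to 2 or 3 and fails for 0, 1 and every value from 4 up, yet the error text is always "too few leaves in Huffman tree". Whether the larger values can be reached depends on the loop above, most of which lies outside the hunk, so this may be harmless, but a reader cannot tell from these lines. A comment before the check would settle it, for example `/* After the loop, nodes >> 1 must be the single root; anything else is a malformed tree. */` if that is the intent. If both directions can occur, neutral wording such as `gzip_error ("invalid Huffman tree");` would fit better.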
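Review bot: With `if (eob < peek)` removed in the unpack hunk, the index in `put_ubyte(literal[peek+lit_base[len]])` has no local range check, although `peek` and `len` are derived from the compressed input. Its bounds now appear to rest entirely on the tree validation added to build_tree. That dependency is worth stating at the use site, e.g. `/* peek+lit_base[len] is within literal[] because build_tree rejects incomplete trees */`, so a later change to build_tree does not silently reopen an out-of-bounds read. The commit adds a test for the valid stream only; unless tests/unpack-invalid already covers it, a companion case that expects the "too few leaves" error would exercise the new rejection path. unpack's body starts and ends outside the hunk, so this is based on the visible lines only.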