Apple-2gs-SW/hush
1
0
Fork 0
mirror of https://github.com/sheumann/hush.git synced 2025-01-11 08:29:54 +00:00
Code Issues Projects Releases Wiki Activity

bunzip2: fix off-by-one check

Browse Source 
stage3-armv7a_hardfp-20130209.tar.bz2, 149189948 bytes long,
md5sum b29ce23312e14eb15a143377d4a38473, was failing to unpack.

It so happened that this file has a run which exactly fills
the 90k buffer. The check was "size >= bufsize", apparently
it has to be ">".

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2013-10-06 22:53:14 +02:00
parent cd256e1c40
commit 932e233a49
1 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
archival/libarchive/decompress_bunzip2.c
View File

@ -42,6 +42,12 @@
#include "libbb.h" #include "libbb.h"
#include "bb_archive.h" #include "bb_archive.h"
#if 0
# define dbg(...) bb_error_msg(__VA_ARGS__)
#else
# define dbg(...) ((void)0)
#endif
/* Constants for Huffman coding */ /* Constants for Huffman coding */
#define MAX_GROUPS 6 #define MAX_GROUPS 6
#define GROUP_SIZE 50 /* 64 would have been more efficient */ #define GROUP_SIZE 50 /* 64 would have been more efficient */
@ -52,13 +58,13 @@
/* Status return values */ /* Status return values */
#define RETVAL_OK 0 #define RETVAL_OK 0
#define RETVAL_LAST_BLOCK (-1) #define RETVAL_LAST_BLOCK (dbg("%d", __LINE__), -1)
#define RETVAL_NOT_BZIP_DATA (-2) #define RETVAL_NOT_BZIP_DATA (dbg("%d", __LINE__), -2)
#define RETVAL_UNEXPECTED_INPUT_EOF (-3) #define RETVAL_UNEXPECTED_INPUT_EOF (dbg("%d", __LINE__), -3)
#define RETVAL_SHORT_WRITE (-4) #define RETVAL_SHORT_WRITE (dbg("%d", __LINE__), -4)
#define RETVAL_DATA_ERROR (-5) #define RETVAL_DATA_ERROR (dbg("%d", __LINE__), -5)
#define RETVAL_OUT_OF_MEMORY (-6) #define RETVAL_OUT_OF_MEMORY (dbg("%d", __LINE__), -6)
#define RETVAL_OBSOLETE_INPUT (-7) #define RETVAL_OBSOLETE_INPUT (dbg("%d", __LINE__), -7)
/* Other housekeeping constants */ /* Other housekeeping constants */
#define IOBUF_SIZE 4096 #define IOBUF_SIZE 4096
@ -440,7 +446,11 @@ static int get_next_block(bunzip_data *bd)
literal used is the one at the head of the mtfSymbol array.) */ literal used is the one at the head of the mtfSymbol array.) */
if (runPos != 0) { if (runPos != 0) {
uint8_t tmp_byte; uint8_t tmp_byte;
if (dbufCount + runCnt >= dbufSize) return RETVAL_DATA_ERROR; if (dbufCount + runCnt > dbufSize) {
dbg("dbufCount:%d+runCnt:%d %d > dbufSize:%d RETVAL_DATA_ERROR",
dbufCount, runCnt, dbufCount + runCnt, dbufSize);
return RETVAL_DATA_ERROR;
}
tmp_byte = symToByte[mtfSymbol[0]]; tmp_byte = symToByte[mtfSymbol[0]];
byteCount[tmp_byte] += runCnt; byteCount[tmp_byte] += runCnt;
while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte; while (--runCnt >= 0) dbuf[dbufCount++] = (uint32_t)tmp_byte;