diff options
| author | Tianjie Xu | 2016-09-21 16:58:11 -0500 |
|---|---|---|
| committer | Jiyong Park | 2017-06-30 03:18:31 -0500 |
| commit | fba1a36fd912963a838bcf992f898bc5e9370b63 (patch) | |
| tree | e9fa009e369796202bb1097ce054358d611eede3 /libziparchive | |
| parent | 7dbf1a187e6d82eb1dc3d9b2da44e8e320d5c758 (diff) | |
| download | platform-system-core-fba1a36fd912963a838bcf992f898bc5e9370b63.tar.gz platform-system-core-fba1a36fd912963a838bcf992f898bc5e9370b63.tar.xz platform-system-core-fba1a36fd912963a838bcf992f898bc5e9370b63.zip | |
Fix out of bound access in libziparchive
The boundary check of an invalid EOCD record may succeed due to the
overflow of uint32_t. Fix the check and add a unit test.
Test: Open the crash.apk and libziparchive reports the offset error as expected.
Bug: 31251826
Merged-In: I1d8092a19b73886a671bc9d291cfc27d65e3d236
Change-Id: I1d8092a19b73886a671bc9d291cfc27d65e3d236
(cherry picked from commit ae8180c06dee228cd1378c56afa6020ae98d8a24)
Diffstat (limited to 'libziparchive')
| -rw-r--r-- | libziparchive/testdata/crash.apk | bin | 0 -> 154 bytes | |||
| -rw-r--r-- | libziparchive/zip_archive_test.cc | 7 |
2 files changed, 7 insertions, 0 deletions
diff --git a/libziparchive/testdata/crash.apk b/libziparchive/testdata/crash.apk new file mode 100644 index 000000000..d6dd52dd7 --- /dev/null +++ b/libziparchive/testdata/crash.apk | |||
| Binary files differ | |||
diff --git a/libziparchive/zip_archive_test.cc b/libziparchive/zip_archive_test.cc index 52099c3b5..7653872fa 100644 --- a/libziparchive/zip_archive_test.cc +++ b/libziparchive/zip_archive_test.cc | |||
| @@ -40,6 +40,7 @@ static const std::string kMissingZip = "missing.zip"; | |||
| 40 | static const std::string kValidZip = "valid.zip"; | 40 | static const std::string kValidZip = "valid.zip"; |
| 41 | static const std::string kLargeZip = "large.zip"; | 41 | static const std::string kLargeZip = "large.zip"; |
| 42 | static const std::string kBadCrcZip = "bad_crc.zip"; | 42 | static const std::string kBadCrcZip = "bad_crc.zip"; |
| 43 | static const std::string kCrashApk = "crash.apk"; | ||
| 43 | static const std::string kUpdateZip = "dummy-update.zip"; | 44 | static const std::string kUpdateZip = "dummy-update.zip"; |
| 44 | 45 | ||
| 45 | static const std::vector<uint8_t> kATxtContents { | 46 | static const std::vector<uint8_t> kATxtContents { |
| @@ -89,6 +90,12 @@ TEST(ziparchive, Open) { | |||
| 89 | CloseArchive(handle); | 90 | CloseArchive(handle); |
| 90 | } | 91 | } |
| 91 | 92 | ||
| 93 | TEST(ziparchive, OutOfBound) { | ||
| 94 | ZipArchiveHandle handle; | ||
| 95 | ASSERT_EQ(-8, OpenArchiveWrapper(kCrashApk, &handle)); | ||
| 96 | CloseArchive(handle); | ||
| 97 | } | ||
| 98 | |||
| 92 | TEST(ziparchive, OpenMissing) { | 99 | TEST(ziparchive, OpenMissing) { |
| 93 | ZipArchiveHandle handle; | 100 | ZipArchiveHandle handle; |
| 94 | ASSERT_NE(0, OpenArchiveWrapper(kMissingZip, &handle)); | 101 | ASSERT_NE(0, OpenArchiveWrapper(kMissingZip, &handle)); |