diff options
author | Tianjie Xu | 2016-09-21 16:58:11 -0500 |
---|---|---|
committer | Jiyong Park | 2017-06-30 03:18:31 -0500 |
commit | fba1a36fd912963a838bcf992f898bc5e9370b63 (patch) | |
tree | e9fa009e369796202bb1097ce054358d611eede3 /libziparchive | |
parent | 7dbf1a187e6d82eb1dc3d9b2da44e8e320d5c758 (diff) | |
download | platform-system-core-fba1a36fd912963a838bcf992f898bc5e9370b63.tar.gz platform-system-core-fba1a36fd912963a838bcf992f898bc5e9370b63.tar.xz platform-system-core-fba1a36fd912963a838bcf992f898bc5e9370b63.zip |
Fix out of bound access in libziparchive
The boundary check of an invalid EOCD record may succeed due to the
overflow of uint32_t. Fix the check and add a unit test.
Test: Open the crash.apk and libziparchive reports the offset error as expected.
Bug: 31251826
Merged-In: I1d8092a19b73886a671bc9d291cfc27d65e3d236
Change-Id: I1d8092a19b73886a671bc9d291cfc27d65e3d236
(cherry picked from commit ae8180c06dee228cd1378c56afa6020ae98d8a24)
Diffstat (limited to 'libziparchive')
-rw-r--r-- | libziparchive/testdata/crash.apk | bin | 0 -> 154 bytes | |||
-rw-r--r-- | libziparchive/zip_archive_test.cc | 7 |
2 files changed, 7 insertions, 0 deletions
diff --git a/libziparchive/testdata/crash.apk b/libziparchive/testdata/crash.apk new file mode 100644 index 000000000..d6dd52dd7 --- /dev/null +++ b/libziparchive/testdata/crash.apk | |||
Binary files differ | |||
diff --git a/libziparchive/zip_archive_test.cc b/libziparchive/zip_archive_test.cc index 52099c3b5..7653872fa 100644 --- a/libziparchive/zip_archive_test.cc +++ b/libziparchive/zip_archive_test.cc | |||
@@ -40,6 +40,7 @@ static const std::string kMissingZip = "missing.zip"; | |||
40 | static const std::string kValidZip = "valid.zip"; | 40 | static const std::string kValidZip = "valid.zip"; |
41 | static const std::string kLargeZip = "large.zip"; | 41 | static const std::string kLargeZip = "large.zip"; |
42 | static const std::string kBadCrcZip = "bad_crc.zip"; | 42 | static const std::string kBadCrcZip = "bad_crc.zip"; |
43 | static const std::string kCrashApk = "crash.apk"; | ||
43 | static const std::string kUpdateZip = "dummy-update.zip"; | 44 | static const std::string kUpdateZip = "dummy-update.zip"; |
44 | 45 | ||
45 | static const std::vector<uint8_t> kATxtContents { | 46 | static const std::vector<uint8_t> kATxtContents { |
@@ -89,6 +90,12 @@ TEST(ziparchive, Open) { | |||
89 | CloseArchive(handle); | 90 | CloseArchive(handle); |
90 | } | 91 | } |
91 | 92 | ||
93 | TEST(ziparchive, OutOfBound) { | ||
94 | ZipArchiveHandle handle; | ||
95 | ASSERT_EQ(-8, OpenArchiveWrapper(kCrashApk, &handle)); | ||
96 | CloseArchive(handle); | ||
97 | } | ||
98 | |||
92 | TEST(ziparchive, OpenMissing) { | 99 | TEST(ziparchive, OpenMissing) { |
93 | ZipArchiveHandle handle; | 100 | ZipArchiveHandle handle; |
94 | ASSERT_NE(0, OpenArchiveWrapper(kMissingZip, &handle)); | 101 | ASSERT_NE(0, OpenArchiveWrapper(kMissingZip, &handle)); |