Extracted from a patch in Fedora. http://pkgs.fedoraproject.org/cgit/unzip.git/tree/unzip-6.0-heap-overflow-infloop.patch?id=d18f821e From bd150334fb4084f5555a6be26b015a0671cb5b74 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Tue, 22 Sep 2015 18:52:23 +0200 Subject: [PATCH 3/3] extract: prevent unsigned overflow on invalid input Suggested-by: Stefan Cornelius --- extract.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/extract.c b/extract.c index 29db027..b9ae667 100644 --- a/extract.c +++ b/extract.c @@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk, if (G.lrec.compression_method == STORED) { zusz_t csiz_decrypted = G.lrec.csize; - if (G.pInfo->encrypted) + if (G.pInfo->encrypted) { + if (csiz_decrypted <= 12) { + /* handle the error now to prevent unsigned overflow */ + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall(ErrUnzipNoFile), + LoadFarString(InvalidComprData), + LoadFarStringSmall2(Inflate))); + return PK_ERR; + } csiz_decrypted -= 12; + } if (G.lrec.ucsize != csiz_decrypted) { Info(slide, 0x401, ((char *)slide, LoadFarStringSmall2(WrnStorUCSizCSizDiff), -- 2.5.2 '>diff
path: root/tests/records.scm
AgeCommit message (Expand)Author
2023-06-04tests: records: Add test for ellipsis in body....* tests/records.scm ("match-record, ellipsis in body"): New test. Josselin Poiret
2023-06-04records: Add MATCH-RECORD-LAMBDA....* guix/records.scm (match-record-lambda): New syntax. * tests/records.scm ("match-record-lambda"): New test. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz> (unmatched-parenthesis ew syntax
2023-06-04records: match-record: Support thunked and delayed fields....* guix/records.scm (match-record): Unwrap matched thunked and delayed fields. * tests/records.scm ("match-record, thunked field", "match-record, delayed field"): New tests. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz> (unmatched-parenthesis d
2022-12-27records: match-record supports specifying a different variable name....An example: (match-record obj <my-type> (field1 (field2 custom-var-name) field3) ...) * guix/records.scm (match-record-inner): Add support for the new syntax. * tests/records.scm ("match-record, simple"): Add a simple test case for the new syntax. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Attila Lendvai
2022-12-02records: 'match-record' checks fields at macro-expansion time....This allows 'match-record' to be more efficient (field offsets are computed at compilation time) and to report unknown fields at macro-expansion time. * guix/records.scm (map-fields): New macro. (define-record-type*)[rtd-identifier]: New procedure. Define TYPE as a macro and use a separate identifier for the RTD. (lookup-field, match-record-inner): New macros. (match-record): Rewrite in terms of 'match-error-inner'. * tests/records.scm ("match-record, simple") ("match-record, unknown field"): New tests. * gnu/services/cuirass.scm (cuirass-shepherd-service): Rename 'log-file' local variable to 'main-log-file'. * gnu/services/getmail.scm (serialize-getmail-configuration-file): Move after <getmail-configuration-file> definition. Ludovic Courtès
2022-07-01tests: Add sanitizer test....* tests/records.scm ("define-record-type* & sanitize without default value"): New test. Ludovic Courtès