File gunzip-fix-from-gzip-1.3.12-for-gzip-file-with-... of Package busybox-static.20467

Overview Repositories Revisions Requests Users Attributes Meta

File gunzip-fix-from-gzip-1.3.12-for-gzip-file-with-all-zero-length-codes.patch of Package busybox-static.20467

From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Sun Feb 4 00:15:29 2018 +0100
Subject: gunzip: fix from gzip-1.3.12 for gzip file with all zero length codes
Patch-mainline: 2598915d43d7403e72d312ac426e585499e94173
Git-repo: https://git.busybox.net/busybox
Git-commit: 2a93c6794c31665b5b4d461353ad566fc3255f0f
References:

Corresponding changelog from gzip-1.3.12 reads:

"""
2006-12-20  Paul Eggert  <eggert@cs.ucla.edu>
        * inflate.c (huft_build): Fix regression that caused gzip to
        refuse to uncompress null input (all zero length codes).  Problem
        reported by Yiorgos Adamopoulos.  This regression was caused by
        the security patch installed 2006-11-20, which in turn came from
        Debian, which in turn apparently came from Thomas Biege of SuSe.
"""

function                                             old     new   delta
huft_build                                          1176    1216     +40

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
 archival/libarchive/decompress_gunzip.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
index c7fa5b526..88745845d 100644
--- a/archival/libarchive/decompress_gunzip.c
+++ b/archival/libarchive/decompress_gunzip.c
@@ -281,8 +281,8 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current
 /* Given a list of code lengths and a maximum table size, make a set of
  * tables to decode that set of codes.  Return zero on success, one if
  * the given code set is incomplete (the tables are still built in this
- * case), two if the input is invalid (all zero length codes or an
- * oversubscribed set of lengths) - in this case stores NULL in *t.
+ * case), two if the input is invalid (an oversubscribed set of lengths)
+ * - in this case stores NULL in *t.
  *
  * b:	code lengths in bits (all assumed <= BMAX)
  * n:	number of codes (assumed <= N_MAX)
@@ -331,8 +331,15 @@ static int huft_build(const unsigned *b, const unsigned n,
 		p++;     /* can't combine with above line (Solaris bug) */
 	} while (--i);
 	if (c[0] == n) {  /* null input - all zero length codes */
-		*m = 0;
-		return 2;
+		q = xzalloc(3 * sizeof(*q));
+		//q[0].v.t = NULL;
+		q[1].e = 99;    /* invalid code marker */
+		q[1].b = 1;
+		q[2].e = 99;    /* invalid code marker */
+		q[2].b = 1;
+		*t = q + 1;
+		*m = 1;
+		return 0;
 	}
 
 	/* Find minimum and maximum length, bound *m by those */

Places

File gunzip-fix-from-gzip-1.3.12-for-gzip-file-with-all-zero-length-codes.patch of Package busybox-static.20467

Places