diff options
author | Denys Vlasenko | 2018-04-08 20:02:01 +0200 |
---|---|---|
committer | Denys Vlasenko | 2018-04-08 20:05:04 +0200 |
commit | 38ccd6af8abbafff98d458a1c62909acfc09a514 (patch) | |
tree | 1a4158db5c7e5e98111ff99d4a9078d93b4ccfcc /libbb | |
parent | 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e (diff) | |
download | busybox-38ccd6af8abbafff98d458a1c62909acfc09a514.zip busybox-38ccd6af8abbafff98d458a1c62909acfc09a514.tar.gz |
bzip2: fix two crashes on corrupted archives
As it turns out, longjmp'ing into freed stack is not healthy...
function old new delta
unpack_usage_messages - 97 +97
unpack_bz2_stream 369 409 +40
get_next_block 1667 1677 +10
get_bits 156 155 -1
start_bunzip 212 183 -29
bb_show_usage 181 120 -61
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 2/3 up/down: 147/-91) Total: 56 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'libbb')
-rw-r--r-- | libbb/appletlib.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/libbb/appletlib.c b/libbb/appletlib.c index 022455d..769b788 100644 --- a/libbb/appletlib.c +++ b/libbb/appletlib.c @@ -102,14 +102,21 @@ static const char *unpack_usage_messages(void) char *outbuf = NULL; bunzip_data *bd; int i; + jmp_buf jmpbuf; - i = start_bunzip(&bd, + /* Setup for I/O error handling via longjmp */ + i = setjmp(jmpbuf); + if (i == 0) { + i = start_bunzip(&jmpbuf, + &bd, /* src_fd: */ -1, /* inbuf: */ packed_usage, - /* len: */ sizeof(packed_usage)); - /* read_bunzip can longjmp to start_bunzip, and ultimately - * end up here with i != 0 on read data errors! Not trivial */ - if (!i) { + /* len: */ sizeof(packed_usage) + ); + } + /* read_bunzip can longjmp and end up here with i != 0 + * on read data errors! Not trivial */ + if (i == 0) { /* Cannot use xmalloc: will leak bd in NOFORK case! */ outbuf = malloc_or_warn(sizeof(UNPACKED_USAGE)); if (outbuf) |