summaryrefslogtreecommitdiff
path: root/libbb
diff options
context:
space:
mode:
authorDenys Vlasenko2018-04-08 20:02:01 +0200
committerDenys Vlasenko2018-04-08 20:05:04 +0200
commit38ccd6af8abbafff98d458a1c62909acfc09a514 (patch)
tree1a4158db5c7e5e98111ff99d4a9078d93b4ccfcc /libbb
parent8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e (diff)
downloadbusybox-38ccd6af8abbafff98d458a1c62909acfc09a514.zip
busybox-38ccd6af8abbafff98d458a1c62909acfc09a514.tar.gz
bzip2: fix two crashes on corrupted archives
As it turns out, longjmp'ing into freed stack is not healthy... function old new delta unpack_usage_messages - 97 +97 unpack_bz2_stream 369 409 +40 get_next_block 1667 1677 +10 get_bits 156 155 -1 start_bunzip 212 183 -29 bb_show_usage 181 120 -61 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 2/3 up/down: 147/-91) Total: 56 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'libbb')
-rw-r--r--libbb/appletlib.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/libbb/appletlib.c b/libbb/appletlib.c
index 022455d..769b788 100644
--- a/libbb/appletlib.c
+++ b/libbb/appletlib.c
@@ -102,14 +102,21 @@ static const char *unpack_usage_messages(void)
char *outbuf = NULL;
bunzip_data *bd;
int i;
+ jmp_buf jmpbuf;
- i = start_bunzip(&bd,
+ /* Setup for I/O error handling via longjmp */
+ i = setjmp(jmpbuf);
+ if (i == 0) {
+ i = start_bunzip(&jmpbuf,
+ &bd,
/* src_fd: */ -1,
/* inbuf: */ packed_usage,
- /* len: */ sizeof(packed_usage));
- /* read_bunzip can longjmp to start_bunzip, and ultimately
- * end up here with i != 0 on read data errors! Not trivial */
- if (!i) {
+ /* len: */ sizeof(packed_usage)
+ );
+ }
+ /* read_bunzip can longjmp and end up here with i != 0
+ * on read data errors! Not trivial */
+ if (i == 0) {
/* Cannot use xmalloc: will leak bd in NOFORK case! */
outbuf = malloc_or_warn(sizeof(UNPACKED_USAGE));
if (outbuf)