Created
December 17, 2013 15:19
-
-
Save springmeyer/8006587 to your computer and use it in GitHub Desktop.
libzip crash testcase on invalid data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <errno.h> | |
| #include <zip.h> | |
| /* | |
| Test on OS X: | |
| brew install libzip | |
| # create bogus file like: | |
| echo 'bogus data' > bogus.zip | |
| clang -o testcase libzip-open-crash.c -I/usr/local/opt/libzip/include/ -I/usr/local/opt/libzip/lib/libzip/include/ -L/usr/local/opt/libzip/lib/ -lzip | |
| Segmentation fault: 11 | |
| Backtrace shows: | |
| Thread 0 Crashed:: Dispatch queue: com.apple.main-thread | |
| 0 libsystem_c.dylib 0x00007fff8e98189f memchr + 15 | |
| 1 libzip.2.dylib 0x000000010458f2a6 _zip_open + 1662 | |
| 2 libzip.2.dylib 0x000000010458eb34 zip_open + 170 | |
| 3 testcase 0x0000000104584e30 main + 64 | |
| 4 libdyld.dylib 0x00007fff8a69a7e1 start + 1 | |
| */ | |
| int main() { | |
| int err; | |
| char errstr[1024]; | |
| struct zip *za; | |
| int flags = ZIP_CHECKCONS; | |
| if ((za=zip_open("bogus.zip", flags, &err)) == NULL) { | |
| zip_error_to_str(errstr, sizeof(errstr), err, errno); | |
| printf("%s",errstr); | |
| zip_close(za); | |
| return -1; | |
| } | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment