std.tar fix assert exploited by fuzzing

Igor Anić 2024-02-24 16:22:54 +01:00 committed by Andrew Kelley
parent 3eacd1b2e5
commit 8d651f512b
3 changed files with 11 additions and 1 deletions


@ -376,7 +376,7 @@ fn Iterator(comptime ReaderType: type) type {
self.file.link_name = try attr.value(&self.link_name_buffer);
},
.size => {
var buf: [64]u8 = undefined;
var buf: [pax_max_size_attr_len]u8 = undefined;
self.file.size = try std.fmt.parseInt(u64, try attr.value(&buf), 10);
},
}
@ -430,6 +430,9 @@ const PaxAttributeKind = enum {
size,
};
// maxInt(u64) has 20 chars, base 10 in practice we got 24 chars
const pax_max_size_attr_len = 64;
fn PaxIterator(comptime ReaderType: type) type {
return struct {
size: usize, // cumulative size of all pax attributes
@ -486,6 +489,9 @@ fn PaxIterator(comptime ReaderType: type) type {
try validateAttributeEnding(self.reader);
continue;
};
if (kind == .size and value_len > pax_max_size_attr_len) {
return error.PaxSizeAttrOverflow;
}
return Attribute{
.kind = kind,
.len = value_len,
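Review bot: The length bound is enforced only for the `.size` attribute, so the link-name arm at the top of the first hunk still hands `self.link_name_buffer` to `attr.value` with no matching check on the attribute length visible here. `value` itself is not shown on this page; if the assert this commit addresses lives there and compares the attribute length with the destination buffer, a crafted archive with an oversized path or link-name value would presumably reach it the same way, and in build modes without safety checks a failed assert is undefined behaviour rather than a clean stop. Enforcing the bound once inside `value`, e.g. `if (self.len > dst.len) return error.TarCorruptInput;` (parameter name assumed), would cover every attribute kind and make the `.size` special case unnecessary. Both the iterator switch and the `PaxIterator` body continue outside the hunks shown.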


@ -317,6 +317,10 @@ test "tar run Go test cases" {
.data = @embedFile("testdata/fuzz1.tar"),
.err = error.TarCorruptInput,
},
.{
.data = @embedFile("testdata/fuzz2.tar"),
.err = error.PaxSizeAttrOverflow,
},
};
for (cases) |case| {

lib/std/tar/testdata/fuzz2.tar vendored Normal file

Binary file not shown.