ruby-changes:20977
From: nahi <ko1@a...>
Date: Tue, 23 Aug 2011 15:16:31 +0900 (JST)
Subject: [ruby-changes:20977] nahi:r33025 (ruby_1_9_3): * backport r33023 from trunk.
nahi 2011-08-23 15:16:16 +0900 (Tue, 23 Aug 2011) New Revision: 33025 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33025 Log: * backport r33023 from trunk. * ext/zlib/zlib.c (gzfile_read_header): Ensure that each section of gzip header is readable to avoid SEGV. * test/zlib/test_zlib.rb (test_corrupted_header): Test it. Modified files: branches/ruby_1_9_3/ChangeLog branches/ruby_1_9_3/ext/zlib/zlib.c branches/ruby_1_9_3/test/zlib/test_zlib.rb
Index: ruby_1_9_3/ChangeLog
===================================================================
--- ruby_1_9_3/ChangeLog (revision 33024)
+++ ruby_1_9_3/ChangeLog (revision 33025)
@@ -1,3 +1,12 @@
+Tue Aug 23 15:11:48 2011 Hiroshi Nakamura <nahi@r...>
+
+ * backport r33023 from trunk.
+
+ * ext/zlib/zlib.c (gzfile_read_header): Ensure that each section of
+ gzip header is readable to avoid SEGV.
+
+ * test/zlib/test_zlib.rb (test_corrupted_header): Test it.
+
 Sun Aug 21 17:58:38 2011 Kazuki Tsujimoto <kazuki@c...>
 
 * backport r33019 from trunk.
Index: ruby_1_9_3/ext/zlib/zlib.c
===================================================================
--- ruby_1_9_3/ext/zlib/zlib.c (revision 33024)
+++ ruby_1_9_3/ext/zlib/zlib.c (revision 33025)
@@ -2306,6 +2306,9 @@
 zstream_discard_input(&gz->z, 2 + len);
 }
 if (flags & GZ_FLAG_ORIG_NAME) {
+ if (!gzfile_read_raw_ensure(gz, 1)) {
+ rb_raise(cGzError, "unexpected end of file");
+ }
 p = gzfile_read_raw_until_zero(gz, 0);
 len = p - RSTRING_PTR(gz->z.input);
 gz->orig_name = rb_str_new(RSTRING_PTR(gz->z.input), len);
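Review bot: The three-line `gzfile_read_raw_ensure(gz, 1)` guard in the GZ_FLAG_ORIG_NAME branch is repeated verbatim in the GZ_FLAG_COMMENT branch (second zlib.c hunk), and neither site says why a scan that already runs to a NUL needs a one-byte pre-check. Since both guards sit directly in front of `gzfile_read_raw_until_zero(gz, 0)`, consider moving the check into that helper so a later caller cannot omit it; the helper's body is not visible here, so confirm no other caller depends on the current behaviour. If the guards stay inline, a comment such as `/* input buffer may be empty after the previous discard; buffer at least one byte before scanning for the NUL */` would record the reason, though that wording is inferred from the commit log and should be checked against the helper. gzfile_read_header starts and ends outside this hunk.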
@@ -2313,6 +2316,9 @@
 zstream_discard_input(&gz->z, len + 1);
 }
 if (flags & GZ_FLAG_COMMENT) {
+ if (!gzfile_read_raw_ensure(gz, 1)) {
+ rb_raise(cGzError, "unexpected end of file");
+ }
 p = gzfile_read_raw_until_zero(gz, 0);
 len = p - RSTRING_PTR(gz->z.input);
 gz->comment = rb_str_new(RSTRING_PTR(gz->z.input), len);
Index: ruby_1_9_3/test/zlib/test_zlib.rb
===================================================================
--- ruby_1_9_3/test/zlib/test_zlib.rb (revision 33024)
+++ ruby_1_9_3/test/zlib/test_zlib.rb (revision 33025)
@@ -694,6 +694,20 @@
 assert_equal("foo", Zlib::GzipReader.wrap(f) {|gz| gz.read })
 assert_raise(IOError) { f.close }
 end
+
+ def test_corrupted_header
+ gz = Zlib::GzipWriter.new(StringIO.new(s = ""))
+ gz.orig_name = "X"
+ gz.comment = "Y"
+ gz.print("foo")
+ gz.finish
+ # 14: magic(2) + method(1) + flag(1) + mtime(4) + exflag(1) + os(1) + orig_name(2) + comment(2)
+ 1.upto(14) do |idx|
+ assert_raise(Zlib::GzipFile::Error, idx) do
+ Zlib::GzipReader.new(StringIO.new(s[0, idx])).read
+ end
+ end
+ end
 end
 
 class TestZlibGzipWriter < Test::Unit::TestCase
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
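Review bot: test_corrupted_header only feeds prefixes of a well-formed stream (`s[0, idx]` for 1..14), so it covers truncation but not a header whose bytes are present yet inconsistent. The fixture's own size comment lists no extra field or header CRC, so those header sections are not exercised even though the log says each section is checked. A second case that hand-builds a header with the extra-field flag set and a declared length longer than the remaining input would cover that path. The literal 14 also depends on the one-character name and comment; deriving it, e.g. `header_len = 10 + "X".bytesize + 1 + "Y".bytesize + 1`, keeps the loop bound right if the fixture changes. `idx` is passed to `assert_raise` as an Integer; if the framework only accepts a String as the failure message, `idx.to_s` is the safer form.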