Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d488704f authored Sep 07, 2018 by Tianjie Xu Committed by Tim Schumacher Mar 05, 2019

DO NOT MERGE: Initialize the ZipArchive to zero before parsing

The fields of the ZipArchive on the stack are not initialized before we
call libminzip to parse the zip file. As a result, some random memory
location is freed unintentionally when we close the ZipArchive upon
parsing failures.

Bug: 35385357
Test: recompile and run the poc with asan.
Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079

parent 2baec0b0

install.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -530,7 +530,7 @@ really_install_package(const char path, bool wipe_cache, bool needs_mount,
		}

		// Try to open the package.
		ZipArchive zip;
		ZipArchive zip = {};
		int err = mzOpenZipArchive(map.addr, map.length, &zip);
		if (err != 0) {
		LOGE("Can't open %s\n(%s)\n", path, err != -1 ? strerror(err) : "bad");

updater/updater.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -77,7 +77,7 @@ int main(int argc, char** argv) {
		printf("failed to map package %s\n", argv[3]);
		return 3;
		}
		ZipArchive za;
		ZipArchive za = {};
		int err;
		err = mzOpenZipArchive(map.addr, map.length, &za);
		if (err != 0) {