Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fba1a36f authored by Tianjie Xu's avatar Tianjie Xu Committed by Jiyong Park
Browse files

Fix out of bound access in libziparchive 

The boundary check of an invalid EOCD record may succeed due to the
overflow of uint32_t. Fix the check and add a unit test.

Test: Open the crash.apk and libziparchive reports the offset error as expected.

Bug: 31251826
Merged-In: I1d8092a19b73886a671bc9d291cfc27d65e3d236
Change-Id: I1d8092a19b73886a671bc9d291cfc27d65e3d236
(cherry picked from commit ae8180c0)
parent 7dbf1a18

libziparchive/testdata/crash.apk

0 → 100644
+154 B

File added.

No diff preview for this file type.

View file

libziparchive/zip_archive_test.cc

+7 −0
Original line number Diff line number Diff line
@@ -40,6 +40,7 @@ static const std::string kMissingZip = "missing.zip"; 
static const std::string kValidZip = "valid.zip";

static const std::string kLargeZip = "large.zip";

static const std::string kBadCrcZip = "bad_crc.zip";

static const std::string kCrashApk = "crash.apk";

static const std::string kUpdateZip = "dummy-update.zip";



static const std::vector<uint8_t> kATxtContents {
@@ -89,6 +90,12 @@ TEST(ziparchive, Open) { 
  CloseArchive(handle);

}



TEST(ziparchive, OutOfBound) {

  ZipArchiveHandle handle;

  ASSERT_EQ(-8, OpenArchiveWrapper(kCrashApk, &handle));

  CloseArchive(handle);

}



TEST(ziparchive, OpenMissing) {

  ZipArchiveHandle handle;

  ASSERT_NE(0, OpenArchiveWrapper(kMissingZip, &handle));