diff mbox series

libbacktrace patch committed: Skip all LZMA block header padding bytes

Message ID CAOyqgcW48PewSOR30YHivgOKpZQE_QJ1Zkp+Tw=sPO-NZUD-=A@mail.gmail.com
State New
Headers show
Series libbacktrace patch committed: Skip all LZMA block header padding bytes | expand

Commit Message

Ian Lance Taylor March 2, 2024, 8:17 p.m. UTC 
This patch to libbacktrace corrects the LZMA block header parsing to
skip all the padding bytes, verifying that they are zero.  This fixes
https://github.com/ianlancetaylor/libbacktrace/issues/118.
Bootstrapped and ran libbacktrace tests on x86_64-pc-linux-gnu.  I was
able to verify that the problem occurred when setting the environment
variable XZ_OPT="--threads=2", and that this patch fixes the bug.
Committed to mainline.

Ian

* elf.c (elf_uncompress_lzma_block): Skip all header padding bytes
and verify that they are zero.
23f9fbed3c97ed70d2615d7d3fa7c249cc862553
diff mbox series

Patch

diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
index f4527e2477d..7841c86cd9c 100644
--- a/libbacktrace/elf.c
+++ b/libbacktrace/elf.c
@@ -5568,6 +5568,7 @@  elf_uncompress_lzma_block (const unsigned char *compressed,
   uint64_t header_compressed_size;
   uint64_t header_uncompressed_size;
   unsigned char lzma2_properties;
+  size_t crc_offset;
   uint32_t computed_crc;
   uint32_t stream_crc;
   size_t uncompressed_offset;
@@ -5671,19 +5672,20 @@  elf_uncompress_lzma_block (const unsigned char *compressed,
   /* The properties describe the dictionary size, but we don't care
      what that is.  */
 
-  /* Block header padding.  */
-  if (unlikely (off + 4 > compressed_size))
+  /* Skip to just before CRC, verifying zero bytes in between.  */
+  crc_offset = block_header_offset + block_header_size - 4;
+  if (unlikely (crc_offset + 4 > compressed_size))
     {
       elf_uncompress_failed ();
       return 0;
     }
-
-  off = (off + 3) &~ (size_t) 3;
-
-  if (unlikely (off + 4 > compressed_size))
+  for (; off < crc_offset; off++)
     {
-      elf_uncompress_failed ();
-      return 0;
+      if (compressed[off] != 0)
+	{
+	  elf_uncompress_failed ();
+	  return 0;
+	}
     }
 
   /* Block header CRC.  */