]> git.ipfire.org Git - thirdparty/zlib-ng.git/commit
projects / thirdparty / zlib-ng.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d7fdc51) | patch
Add test for CVE-2002-0059
authorDaniel Axtens <dja@axtens.net>
Mon, 27 Apr 2015 06:17:21 +0000 (16:17 +1000)
committerHans Kristian Rosbach <hk-git@circlestorm.org>
Thu, 28 Apr 2016 12:00:05 +0000 (14:00 +0200)
commit821dd3d85d7a7301f8161df4239cc678dfd475cb
tree28fb232b19019ab85a7cae80ab8f099ac7c2452dtree | snapshot
parentd7fdc511e1a860b5792c10c53ea187118db12f8fcommit | diff
Add test for CVE-2002-0059

CVE-2002-0059 was a double free in inflation. [0]

This makes sure we don't accidentally reintroduce it.

zlib-1.1.3 was download and fuzz tested using AFL[1].
This crashing case (test.gz) was discovered, and using gdb it was
confirmed to be a double free in the expected place.

The test script looks for a normal error exit (status code 1),
and fails if any other code is returned.

[0] http://www.cvedetails.com/cve/CVE-2002-0059/
[1] http://lcamtuf.coredump.cx/afl/

Signed-off-by: Daniel Axtens <dja@axtens.net>
test/CVE-2002-0059/test.gz [new file with mode: 0644] blob
test/Makefile.in diff | blob | blame | history
test/testCVEinputs.sh [new file with mode: 0755] blob
Mirror of https://github.com/zlib-ng/zlib-ng.git