git.ipfire.org Git - thirdparty/libarchive.git/commit

author	Grzegorz Antoniak <ga@anadoxin.org>
	Mon, 29 Apr 2019 04:37:44 +0000 (06:37 +0200)
committer	Grzegorz Antoniak <ga@anadoxin.org>
	Mon, 29 Apr 2019 04:46:20 +0000 (06:46 +0200)
commit	b20668f4e1289e8390d3a3329d0d96f402d4d415
tree	31f1eff4562d3d1a1db70185b2dc8f5bae92b195	tree
parent	ba6bbc3aa4706b4af8b68a468cd2d0f45172042c	commit \| diff

ZIP reader: fix memory leak when unpacking LZMA

This commit fixes a memory leak which is triggered by invalid files.
Sample test case that triggers the leak is provided by OSSFuzz #14470.

If the ZIPX file contanis an LZMA stream, and this stream is invalid,
the reader was allocating an LZMA decoding context which wasn't freed.
Later, when trying to unpack another LZMA stream, context was
re-initialized by allocating a new context and overwriting old pointers
to an unfreed memory, causing a memory leak.

After applying this commit, the LZMA stream context initialization
function will check if there is an non-freed previous context being in
use. If it exists, the reader will free the memory before allocating a
new LZMA unpacking context.

The commit also contains a test case with OSSFuzz sample #14470.

libarchive/archive_read_support_format_zip.c		diff \| blob \| blame \| history
libarchive/test/test_read_format_zip.c		diff \| blob \| blame \| history
libarchive/test/test_read_format_zip_lzma_alone_leak.zipx.uu	[new file with mode: 0644]	blob