[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#56247: inflate fails to reject invalid distance
|
From: |
Young Mo Kang |
|
Subject: |
bug#56247: inflate fails to reject invalid distance |
|
Date: |
Sun, 26 Jun 2022 20:21:09 -0700 |
Hello gzip devs and maintainers,
I noticed that GNU gzip does not check for error during decompression when the
distance value exceeds the current accumulative position, i.e., back reference
to position beyond the starting point.
The following shows an example .gz file with invalid distance
```
cat << EOF > file.gz.hex
1f8b0800000000000003738aca3034748c540b8ebc297129888141e1ffff
1f0c131842041818172b5c6169686068706438c0aad0c0c8c0e0c0c0d8e0
e8c0b1802124d94d81218571e1ab8c6f2b4c4dd9579830c82d7cc5c0ae72
e18bffefcab6244e0e4536861486f5e612abda4c336cf6dc5d5da4bd6c4d
ed49a13bffe37813164d39d8aafdb15c25b895937762afaa02c205deff85
c2181818a3241f30303031303231340830b0303032702e60306476b82035
6ff92b379ff625574ca6594d5a9cf7464ebf7ba7d21c0d0fd5ff9dda107f
000040136103cd000000
EOF
xxd -r -ps file.gz.hex | gzip -d > file
```
GNU gzip decompresses it w/o an error, while both macOS’s gzip and zlib reject
the file and outputs an error:
macOS gzip: gzip: data stream error
zlib: <fd:0>: invalid distance too far back
I believe GNU gzip also needs to reject this file, since the file is not a
valid deflate format.
Thanks,
Young
- bug#56247: inflate fails to reject invalid distance,
Young Mo Kang <=