[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug classpath/41513] New: zip: Infinite loop decoding Huffman if input
|
From: |
daniel at nuix dot com |
|
Subject: |
[Bug classpath/41513] New: zip: Infinite loop decoding Huffman if input is corrupt |
|
Date: |
30 Sep 2009 07:10:58 -0000 |
We found a bunch of data which is zip files with random data absent (and
replaced with 0-bytes.)
As a result, InflaterHuffmanTree.buildTree(byte[]) receives empty byte arrays,
and doesn't notice that the data is invalid. In this particular case I can see
that codeLengths is a byte[11] where all 11 bytes are zero. The result is that
tree is a byte[512] where all 512 bytes are zero.
I suspect that it's impossible for a Huffman tree to have any entries which are
0 (could someone confirm this though?) in which case any 0 entries would be
invalid. But is there a better check which could be performed to ensure that
the tree data is intact?
Sun's implementation throws an exception indicating that the Huffman tree is
incomplete, which appears to be the correct error in this situation.
--
Summary: zip: Infinite loop decoding Huffman if input is corrupt
Product: classpath
Version: 0.97.2
Status: UNCONFIRMED
Severity: critical
Priority: P3
Component: classpath
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: daniel at nuix dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41513
- [Bug classpath/41513] New: zip: Infinite loop decoding Huffman if input is corrupt,
daniel at nuix dot com <=