From e680017bae901240e8894062c0b0a3020eca42c1 Mon Sep 17 00:00:00 2001
From: iibclothier
Date: Wed, 18 Dec 2024 08:04:53 -0600
Subject: [PATCH 1/4] Add a check to guard against potential infinite loop when given a bad zip file. See https://github.com/Edward-L/my-cve-list/blob/master/miniz/README.md and https://nvd.nist.gov/vuln/detail/CVE-2018-12913 for details.
---
 miniz_tinfl.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/miniz_tinfl.c b/miniz_tinfl.c
index f7c8815..d5671b4 100644
--- a/miniz_tinfl.c
+++ b/miniz_tinfl.c
@@ -489,6 +489,12 @@ tinfl_status tinfl_decompress(tinfl_decompressor *r, const mz_uint8 *pIn_buf_nex
 }
 bit_buf >>= code_len;
 num_bits -= code_len;
+
+ //assert(sym2 != 0 && counter != 0);
+ if (sym2 == 0 && counter == 0)
+ {
+ TINFL_CR_RETURN_FOREVER(40, TINFL_STATUS_FAILED);
+ }
 pOut_buf_cur[0] = (mz_uint8)counter;
 if (sym2 & 256)
From d9be48fbe624930b9b88e0e79dffdcb4e90a3e67 Mon Sep 17 00:00:00 2001
From: iibclothier
Date: Wed, 18 Dec 2024 08:16:26 -0600
Subject: [PATCH 2/4] Fix formatting
---
 miniz_tinfl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/miniz_tinfl.c b/miniz_tinfl.c
index 8756e68..764a2c9 100644
--- a/miniz_tinfl.c
+++ b/miniz_tinfl.c
@@ -491,7 +491,7 @@ extern "C"
 bit_buf >>= code_len;
 num_bits -= code_len;
- //assert(sym2 != 0 && counter != 0);
+ /* assert(sym2 != 0 && counter != 0); */
 if (sym2 == 0 && counter == 0)
 {
 TINFL_CR_RETURN_FOREVER(40, TINFL_STATUS_FAILED);
From 13c4e52c9117dc7d3a4e2601b0146eb3633c47c3 Mon Sep 17 00:00:00 2001
From: iibclothier <161363095+iibclothier@users.noreply.github.com>
Date: Sat, 28 Dec 2024 11:18:43 -0600
Subject: [PATCH 3/4] Update ci-fuzz.yml Version 1 is deprecated, bump to version 2.
---
 .github/workflows/ci-fuzz.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci-fuzz.yml b/.github/workflows/ci-fuzz.yml
index 849de22..26617a9 100644
--- a/.github/workflows/ci-fuzz.yml
+++ b/.github/workflows/ci-fuzz.yml
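Review bot: The guard `if (sym2 == 0 && counter == 0)` keys on the decoded symbol values rather than on the condition that stops the decoder from making progress, so it rejects legal input: symbol 0 is the literal byte 0x00, and two adjacent literal zero bytes are a valid deflate sequence (runs shorter than the minimum match length of 3 can only be coded as literals), so such a stream now ends in `TINFL_STATUS_FAILED` instead of decoding. If the loop being closed is the one where a malformed Huffman table yields a zero code length and `bit_buf >>= code_len; num_bits -= code_len;` consume nothing, the check belongs on `code_len` (or on the table when it is built), not on the symbols; I cannot confirm from this hunk alone which loop CVE-2018-12913 exercises, so that should be verified against the linked report before relying on this guard. The commented-out `//assert(sym2 != 0 && counter != 0);` is dead code (PATCH 2/4 only reformats it) and should become a why-comment naming the malformed-table condition the guard targets, otherwise the check reads as a data-validation bug to the next maintainer. `tinfl_decompress` starts and ends outside this hunk.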
@@ -16,8 +16,8 @@ jobs:
 fuzz-seconds: 900
 dry-run: false
 - name: Upload Crash
- uses: actions/upload-artifact@v1
+ uses: actions/upload-artifact@v2
 if: failure()
 with:
 name: artifacts
- path: ./out/artifacts
\ No newline at end of file
+ path: ./out/artifacts
From 4d99a8f7c230ea91070dbbc23c3ab583591d0e56 Mon Sep 17 00:00:00 2001
From: iibclothier <161363095+iibclothier@users.noreply.github.com>
Date: Sat, 28 Dec 2024 11:24:41 -0600
Subject: [PATCH 4/4] Update ci-fuzz.yml Try version 4
---
 .github/workflows/ci-fuzz.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci-fuzz.yml b/.github/workflows/ci-fuzz.yml
index 26617a9..5b4ac73 100644
--- a/.github/workflows/ci-fuzz.yml
+++ b/.github/workflows/ci-fuzz.yml
@@ -16,7 +16,7 @@ jobs:
 fuzz-seconds: 900
 dry-run: false
 - name: Upload Crash
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v4
 if: failure()
 with:
 name: artifacts