Closed
Description
On latest version (0.631) and the master branch,
there is an infinite loop and application hang in the get_fileinfo function (src/lrzip.c), which can be triggered by the POC with command: lrzip -i $POC
Looking into the get_fileinfo function (src/lrzip.c), we found that: in the "do {} while(last_head)" loop, the "last_head" variable is affected by the POC file and always non-zero, and "lseek" in line 1041 continuously moves file cursor to the same position. That means, "last_head" is always assigned the value from the same file position, resulting in infinite loop.
934 bool get_fileinfo(rzip_control *control)
...
1036 do {
...
1041 if (unlikely(head_off = lseek(fd_in, last_head + ofs, SEEK_SET) == -1))
1042 fatal_goto(("Failed to seek to header data in get_fileinfo\n"), error);
1043 if (unlikely(!get_header_info(control, fd_in, &ctype, &c_len, &u_len,
1044 &last_head, chunk_byte)))
1045 return false;
...
1069 } while (last_head);
Metadata
Metadata
Assignees
Labels
No labels