Merge 'feature/fortify'

gdraheim · Feb 29, 2024 · 2a8ac48 · 2a8ac48
2 parents 8bd684e + 39d49f1
commit 2a8ac48
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 2 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -22,6 +22,7 @@ option(ZZIPSDL "Build zzcatsdl (includable example code)" ON)
 option(ZZIPBINS "Build bins/unzzip (unzip-like executables)" ON)
 option(ZZIPTEST "Build test/zzipself (self-extract example)" ON)
 option(ZZIPDOCS "Build docs/manpages (and website content)" ON)
+option(FORTIFY "Add gcc address sanitzer" OFF)
 
 add_subdirectory(zzip)
 

diff --git a/GNUmakefile b/GNUmakefile
@@ -25,6 +25,7 @@ build:
 
 new: ; rm -rf $(BUILD); $(MAKE) build
 static: ; rm -rf $(BUILD) && $(MAKE) build OPTIONS=-DBUILD_SHARED_LIBS=OFF
+fortify: ; rm -rf $(BUILD) && $(MAKE) build OPTIONS=-DFORTIFY=ON
 
 ninja: ; rm -rf $(BUILD) && $(MAKE) build OPTIONS=-GNinja
 nmake: ; rm -rf $(BUILD) && $(MAKE) build OPTIONS=-GNmake

diff --git a/bins/CMakeLists.txt b/bins/CMakeLists.txt
@@ -16,6 +16,17 @@ option(MSVC_STATIC_RUNTIME "Build with static runtime libs (/MT)" ON)
 option(ZZIP_INSTALL_BINS "Install the bins/ exanple programs" ON)
 option(ZZIP_INSTALL_ACLOCAL "Install zziplib.m4 aclocal helper" ON)
 
+if(FORTIFY)
+   add_definitions(
+     -U_FORTIFY_SOURCE 
+     -fsanitize=address 
+     -g
+   )
+   add_link_options(
+     -fsanitize=address
+   )
+endif()
+
 # Zlib library needed
 find_package ( ZLIB REQUIRED )
 # pkg_search_module ( ZZIP zzip )

diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
@@ -14,6 +14,17 @@ option(BUILD_TESTS "Build test programs" OFF)
 option(MSVC_STATIC_RUNTIME "Build with static runtime libs (/MT)" ON)
 option(ZZIP_TESTCVE "Run old CVE in zziptests.py testsuite" ON)
 
+if(FORTIFY)
+   add_definitions(
+     -U_FORTIFY_SOURCE 
+     -fsanitize=address 
+     -g
+   )
+   add_link_options(
+     -fsanitize=address
+   )
+endif()
+
 # Zlib library needed
 find_package ( ZLIB REQUIRED )
 # pkg_search_module ( ZZIP zzip )

diff --git a/test/zziptests.py b/test/zziptests.py
@@ -3995,6 +3995,34 @@ def test_65779(self) -> None:
         shell("ls -l {tmpdir}/{filename}".format(**locals()))
         size = os.path.getsize(os.path.join(tmpdir, filename))
         self.assertEqual(size, 771)
+    url_BUG_143 = "https://github.com/gdraheim/zziplib/files/9757091"
+    zip_BUG_143 = "zip.c_347_44-in-__zzip_fetch_disk_trailer.zip"
+    def test_70143(self) ->None:
+        """ check github issue #143 - requires `make fortify`"""
+        tmpdir = self.testdir()
+        filename = self.zip_BUG_143
+        file_url = self.url_BUG_143
+        if not download_raw(file_url, filename, tmpdir):
+            self.skipTest("no zip_BUG_143 available: " + filename)
+        if not os.path.isfile(os.path.join(tmpdir, filename)): self.skipTest("missing " + filename)
+        exe = self.bins("zzdir")
+        run = shell("{exe} {tmpdir}/{filename} ".format(**locals()),
+                    returncodes=[0])
+        #
+    url_BUG_144 = "https://github.com/gdraheim/zziplib/files/9757121"
+    zip_BUG_144 = "zip.c_347_44-in-__zzip_fetch_disk_trailer.zip"
+    def test_70144(self) ->None:
+        """ check github issue #144 - requires `make fortify`"""
+        tmpdir = self.testdir()
+        filename = self.zip_BUG_144
+        file_url = self.url_BUG_144
+        if not download_raw(file_url, filename, tmpdir):
+            self.skipTest("no zip_BUG_144 available: " + filename)
+        if not os.path.isfile(os.path.join(tmpdir, filename)): self.skipTest("missing " + filename)
+        exe = self.bins("unzzip")
+        run = shell("{exe} {tmpdir}/{filename} ".format(**locals()),
+                    returncodes=[0])
+        #
 
     def test_91000_zzshowme_check_sfx(self) -> None:
         """ create an *.exe that can extract its own zip content """

diff --git a/zzip/CMakeLists.txt b/zzip/CMakeLists.txt
@@ -106,8 +106,6 @@ endif()
 
 configure_file ( ${CMAKE_CURRENT_SOURCE_DIR}/_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/_config.h )
 
-# Zlib library needed
-find_package ( ZLIB REQUIRED )
 
 if(UNIX)
 CHECK_C_COMPILER_FLAG(C "-Warray-bounds" HAS_WARRAY_BOUNDS)
@@ -126,6 +124,20 @@ CHECK_C_COMPILER_FLAG(C "-Warray-bounds" HAS_WARRAY_BOUNDS)
   endif()
 endif()
 
+if(FORTIFY)
+   add_definitions(
+     -U_FORTIFY_SOURCE 
+     -fsanitize=address 
+     -g
+   )
+   add_link_options(
+     -fsanitize=address
+   )
+endif()
+
+# Zlib library needed
+find_package ( ZLIB REQUIRED )
+
 set(CMAKE_POSITION_INDEPENDENT_CODE ${BUILD_SHARED_LIBS})
 add_definitions ( -DHAVE_CONFIG_H )