Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZipInputStream.GetNextEntry hangs permanently #300

Closed
Metalnem opened this issue Dec 25, 2018 · 3 comments
Closed

ZipInputStream.GetNextEntry hangs permanently #300

Metalnem opened this issue Dec 25, 2018 · 3 comments
Labels
bug zip Related to ZIP file format
Projects
Bugs

Comments

@Metalnem
Copy link

ZipInputStream.GetNextEntry hangs permanently when attempting to extract the attached archive. I'm using the latest SharpZipLib NuGet package (version 1.1.0). You can run the following code to reproduce it (the path variable should contain the path to the attached file):

using (var file = File.OpenRead(path))
using (var zip = new ZipInputStream(file))
{
  while (zip.GetNextEntry() != null) { }
}

Found via SharpFuzz.
@Numpsy
Copy link
Contributor

Numpsy commented Jan 20, 2019

Looks to be getting stuck @ https://github.com/icsharpcode/SharpZipLib/blob/master/src/ICSharpCode.SharpZipLib/Zip/ZipInputStream.cs#L372, where Read() constantly returns more data.

Possibly related to #128 / #88 / #19 ?

@piksel
Copy link
Member

piksel commented Jan 27, 2019
edited
Loading

My analysis so far is that the dynamic tree for the "bad" block assigns code length 0 to symbol 255. This is supposed to indicate that symbol 255 is not present in block. So when we're inflating the block and find a 255 we're moving the input buffer along 0 bits (the code length) and output a 0 byte. This obviously leads to an infinite loop since the input pointer is never incremented.
The shortest valid code length is 1, so I think we can throw an exception in GetSymbol if the code length (symbol & 15) is less than one.

@piksel piksel added bug zip Related to ZIP file format labels Jan 30, 2019
@piksel piksel added this to Needs triage in Bugs via automation Jan 30, 2019
@piksel piksel moved this from Needs triage to High priority in Bugs Jan 30, 2019
@piksel piksel mentioned this issue Feb 6, 2019
Merged
@piksel
Copy link
Member

piksel commented Jul 29, 2019

Fixed by #316.

@piksel piksel closed this as completed Jul 29, 2019
Bugs automation moved this from High priority to Closed Jul 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug zip Related to ZIP file format
Projects
No open projects
Bugs
  
Closed
Milestone
No milestone
Development

No branches or pull requests
3 participants
@piksel @Numpsy @Metalnem