FIX: uncaught zero-byte in word transformation #10

ende76 · Oct 26, 2015 · 137a0f1 · 137a0f1
1 parent 3540aa1
commit 137a0f1
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 5 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "brotli"
-version = "0.3.11"
+version = "0.3.12"
 authors = ["Thomas Pickert <ende.mail@web.de>"]
 license = "Apache-2.0"
 repository = "https://github.com/ende76/brotli-rs"

diff --git a/README.md b/README.md
@@ -8,6 +8,11 @@ Compression provides a <Read>-struct to wrap a Brotli-compressed stream. A consu
 
 ## Changelog
 
+###v0.3.11 -> v0.3.12
+----------------
+
+Fixed uncaught zero-byte in word transformation. (Thanks, [Corey](https://github.com/frewsxcv)!).
+
 ###v0.3.10 -> v0.3.11
 ----------------
 

diff --git a/src/main.rs b/src/main.rs
@@ -5,5 +5,7 @@ use brotli::Decompressor;
 
 fn main() {
  let mut input = vec![];
- let _ = Decompressor::new(&b"\x12\x1b\x00\x1e\x11\x00\x05\x09\x21\x00\x05\x04\x43\x05\xf5\x21\x1e\x11\x00\x05\xf5\x21\x00\x05\x04\x43".to_vec() as &[u8]).read_to_end(&mut input);
-}
+ let _ = Decompressor::new(&b"\x1b\x3f\x01\xf0\x24\xb0\xc2\xa4\x80\x54\xff\xd7\x24\xb0\x12".to_vec() as &[u8]).read_to_end(&mut input);
+
+ println!("{:?}", String::from_utf8(input));
+}
diff --git a/src/transformation/mod.rs b/src/transformation/mod.rs
@@ -7,7 +7,7 @@ fn uppercase_all(base_word: &[u8]) -> Vec<u8> {
 
  while i < l {
  match base_word[i] {
- 1...96|123...191 => {
+ 0...96|123...191 => {
  v.push(base_word[i]);
  i += 1;
  },

diff --git a/tests/lib.rs b/tests/lib.rs
@@ -420,7 +420,7 @@ fn should_decompress_to_empty_string_frewsxcv_06() {
 /// frewsxcv: fuzzer-test
 /// exposes arithmetic overflow in word transformation
 /// found and reported by Corey Farwell – https://github.com/ende76/brotli-rs/issues/9
-fn should_decompress_to_empty_string_frewsxcv_07() {
+fn should_decompress_to_string_frewsxcv_07() {
  use std::io::Read;
  use brotli::Decompressor;
  let mut input = vec![];
@@ -429,6 +429,20 @@ fn should_decompress_to_empty_string_frewsxcv_07() {
  assert_eq!(vec![46, 103, 105, 102, 34, 32, 97, 108, 116, 61, 34, 108, 116, 61, 34, 108, 116, 61, 34, 108, 116, 61, 34, 108, 116, 61, 34, 108, 116, 61, 34, 108, 0, 4, 2, 0, 0, 0, 2, 4, 0, 5, 3, 7, 0, 2, 0, 0, 0], input);
 }
 
+#[test]
+/// frewsxcv: fuzzer-test
+/// exposes uncaught byte value 0 in transformation code
+/// found and reported by Corey Farwell – https://github.com/ende76/brotli-rs/issues/10
+fn should_decompress_to_string_frewsxcv_08() {
+ use std::io::Read;
+ use brotli::Decompressor;
+
+ let mut input = vec![];
+ let _ = Decompressor::new(&b"\x1b\x3f\x01\xf0\x24\xb0\xc2\xa4\x80\x54\xff\xd7\x24\xb0\x12".to_vec() as &[u8]).read_to_end(&mut input);
+
+ assert_eq!(vec![88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 32, 216, 131, 217, 170, 216, 135, 217, 165, 61, 39, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 32, 1, 0, 0, 0, 3, 0, 0, 0, 61, 39, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88], input);
+}
+
 fn inverse_move_to_front_transform(v: &mut[u8]) {
  let mut mtf: Vec<u8> = vec![0; 256];
  let v_len = v.len();