From 137a0f1c1cbd021cbbbb6ad2244f9b1f6093a5ee Mon Sep 17 00:00:00 2001
From: Ende
Date: Mon, 26 Oct 2015 11:54:42 -0400
Subject: [PATCH] FIX: uncaught zero-byte in word transformation #10
---
 Cargo.toml | 2 +-
 README.md | 5 +++++
 src/main.rs | 6 ++++--
 src/transformation/mod.rs | 2 +-
 tests/lib.rs | 16 +++++++++++++++-
 5 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 814887a..6328c50 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "brotli"
-version = "0.3.11"
+version = "0.3.12"
 authors = ["Thomas Pickert "]
 license = "Apache-2.0"
 repository = "https://github.com/ende76/brotli-rs"
diff --git a/README.md b/README.md
index 05bd80c..47e5c68 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,11 @@ Compression provides a -struct to wrap a Brotli-compressed stream. A consu
 ## Changelog
+###v0.3.11 -> v0.3.12
+----------------
+
+Fixed uncaught zero-byte in word transformation. (Thanks, [Corey](https://github.com/frewsxcv)!).
+
 ###v0.3.10 -> v0.3.11
 ----------------
diff --git a/src/main.rs b/src/main.rs
index 8ad02a6..1bccfa5 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -5,5 +5,7 @@ use brotli::Decompressor;
 fn main() {
 let mut input = vec![];
- let _ = Decompressor::new(&b"\x12\x1b\x00\x1e\x11\x00\x05\x09\x21\x00\x05\x04\x43\x05\xf5\x21\x1e\x11\x00\x05\xf5\x21\x00\x05\x04\x43".to_vec() as &[u8]).read_to_end(&mut input);
-}
+ let _ = Decompressor::new(&b"\x1b\x3f\x01\xf0\x24\xb0\xc2\xa4\x80\x54\xff\xd7\x24\xb0\x12".to_vec() as &[u8]).read_to_end(&mut input);
+
+ println!("{:?}", String::from_utf8(input));
+}
\ No newline at end of file
diff --git a/src/transformation/mod.rs b/src/transformation/mod.rs
index 523517a..531f2c4 100644
--- a/src/transformation/mod.rs
+++ b/src/transformation/mod.rs
@@ -7,7 +7,7 @@ fn uppercase_all(base_word: &[u8]) -> Vec {
 while i < l {
 match base_word[i] {
- 1...96|123...191 => {
+ 0...96|123...191 => {
 v.push(base_word[i]);
 i += 1;
 },
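Review bot: In src/main.rs the new `let _ = Decompressor::new(...).read_to_end(&mut input);` still throws away the `io::Result`, so a stream that fails partway through decoding prints whatever bytes were produced as if decoding had succeeded. For a reproducer fed fuzzer-found input the error is the interesting part; bind it and print it, e.g. `let result = Decompressor::new(...).read_to_end(&mut input);` followed by `println!("{:?} {:?}", result, String::from_utf8(input));`. The added regression test `should_decompress_to_string_frewsxcv_08` in tests/lib.rs discards the result the same way, so it cannot tell a clean decode from an error raised after the expected bytes were written.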
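Review bot: The widened arm `0...96|123...191` in `uppercase_all` (src/transformation/mod.rs) carries no comment saying why these two ranges belong together, which is presumably how byte 0 was left out originally. A one-line comment above the arm would pin the intent: `// single-byte values other than a-z (97...122) are copied unchanged; 0 is a valid byte here`. The remaining arms of the `match` and the end of the `while` loop are outside this hunk, so I cannot see whether a fallback arm still panics on an unexpected byte. Since the linked fuzzer case shows a crafted stream can reach this match with a value no arm anticipated, it is worth confirming that the arms together cover every `u8` without a panicking catch-all.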
diff --git a/tests/lib.rs b/tests/lib.rs
index 5a9bd66..9e1b886 100644
--- a/tests/lib.rs
+++ b/tests/lib.rs
@@ -420,7 +420,7 @@ fn should_decompress_to_empty_string_frewsxcv_06() {
 /// frewsxcv: fuzzer-test
 /// exposes arithmetic overflow in word transformation
 /// found and reported by Corey Farwell – https://github.com/ende76/brotli-rs/issues/9
-fn should_decompress_to_empty_string_frewsxcv_07() {
+fn should_decompress_to_string_frewsxcv_07() {
 use std::io::Read;
 use brotli::Decompressor;
 let mut input = vec![];
@@ -429,6 +429,20 @@ fn should_decompress_to_empty_string_frewsxcv_07() {
 assert_eq!(vec![46, 103, 105, 102, 34, 32, 97, 108, 116, 61, 34, 108, 116, 61, 34, 108, 116, 61, 34, 108, 116, 61, 34, 108, 116, 61, 34, 108, 116, 61, 34, 108, 0, 4, 2, 0, 0, 0, 2, 4, 0, 5, 3, 7, 0, 2, 0, 0, 0], input);
 }
+#[test]
+/// frewsxcv: fuzzer-test
+/// exposes uncaught byte value 0 in transformation code
+/// found and reported by Corey Farwell – https://github.com/ende76/brotli-rs/issues/10
+fn should_decompress_to_string_frewsxcv_08() {
+ use std::io::Read;
+ use brotli::Decompressor;
+
+ let mut input = vec![];
+ let _ = Decompressor::new(&b"\x1b\x3f\x01\xf0\x24\xb0\xc2\xa4\x80\x54\xff\xd7\x24\xb0\x12".to_vec() as &[u8]).read_to_end(&mut input);
+
+ assert_eq!(vec![88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 32, 216, 131, 217, 170, 216, 135, 217, 165, 61, 39, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 32, 1, 0, 0, 0, 3, 0, 0, 0, 61, 39, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88, 88], input);
+}
+
 fn inverse_move_to_front_transform(v: &mut[u8]) {
 let mut mtf: Vec = vec![0; 256];
 let v_len = v.len();
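Review bot: `should_decompress_to_string_frewsxcv_08` reaches the fixed arm only through a 15-byte fuzzer blob, so nothing pins the behaviour of the transformation itself. A later change elsewhere in the decoder could stop this input from exercising byte 0 while the test keeps passing. Consider adding a small unit test next to `uppercase_all` in src/transformation/mod.rs that feeds it a word containing a zero byte and asserts the byte is copied through, e.g. `assert_eq!(uppercase_all(&[0u8]), vec![0u8]);`. That expected value assumes the function returns only the pushed bytes, whose set-up and return lie outside the visible hunk.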