hapsunday / miniz

Automatically exported from code.google.com/p/miniz

miniz fails to decompress valid ZIP archive #3

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Compile attached test_crash.c with latest miniz.
2. Run it against attached test.zip.

What is the expected output? What do you see instead?
Expected is MANIFEST.MF contents since test.zip is a valid archive.
However it fails to decompress file contents.

What version of the product are you using? On what operating system?
Miniz 1.11b, Win7 and GNU/Linux (gcc 4.1.2)

Please provide any additional information below.

I've discovered that failure occurs in tinfl_decompress() routine:

...
        TINFL_HUFF_DECODE(26, dist, &r->m_tables[1]);
        num_extra = s_dist_extra[dist]; dist = s_dist_base[dist];
        if (num_extra) { mz_uint extra_bits; TINFL_GET_BITS(27, extra_bits, num_extra); dist += extra_bits; }

        dist_from_out_buf_start = pOut_buf_cur - pOut_buf_start;
        if ((dist > dist_from_out_buf_start) && (decomp_flags & TINFL_FLAG_USING_NON_WRAPPING_OUTPUT_BUF))
        {
          TINFL_CR_RETURN_FOREVER(37, TINFL_STATUS_FAILED);
        }
...

dist occurs to be 2049 which is much greater than dist_from_out_buf_start thus 
decompression fails.

Original issue reported on code.google.com by vladimir...@gmail.com on 22 Nov 2011 at 6:59

GoogleCodeExporter commented 9 years ago
Thanks Vladimir - working on repro'ing this right now.

Original comment by richge...@gmail.com on 19 May 2012 at 11:51

GoogleCodeExporter commented 9 years ago
Hi Vladimir - I've run your example against test.zip using both v1.12 and 
v1.13, using Visual Studio 2008 (both 32-bit and 64-bit, debug and release). In 
each case it successfully extracts and prints manifest.mf.

If dist > dist_from_out_buf_start, it typically indicates that the Huffman codes 
were bad, or the stream was corrupted (or a bug in tinfl).

Do you have any more information about how to repro this? I'll try GCC (MingW) 
next, just to be sure.

Thanks,
-Rich

Original comment by richge...@gmail.com on 20 May 2012 at 12:01
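
The check discussed in the two comments above rejects a back-reference whose distance reaches before the start of a flat (non-wrapping) output buffer. The following is an added example, not miniz code and not from the thread: `copy_match`, `demo` and the `COPY_*` status codes are hypothetical names, and the input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this sketch (not miniz's tinfl_status). */
enum { COPY_OK = 0, COPY_BAD_DISTANCE = -1, COPY_NO_SPACE = -2 };

/* Copy an LZ77 match of `len` bytes from `dist` bytes back in a flat
 * (non-wrapping) output buffer of `cap` bytes; *pos is bytes written so far. */
static int copy_match(unsigned char *out, size_t cap, size_t *pos,
                      size_t dist, size_t len)
{
    size_t written = *pos; /* same role as dist_from_out_buf_start */

    /* Distance 0, or one reaching before the buffer start, is invalid:
     * the source bytes would lie outside the output buffer. */
    if (dist == 0 || dist > written)
        return COPY_BAD_DISTANCE;
    if (written > cap || len > cap - written)
        return COPY_NO_SPACE;

    /* Forward byte-wise copy: source and destination may overlap
     * (dist < len), which is how DEFLATE encodes repeated runs. */
    for (size_t i = 0; i < len; i++)
        out[written + i] = out[written + i - dist];

    *pos = written + len;
    return COPY_OK;
}

/* Constructed scenario: 3 literal bytes, then three match attempts. */
static void demo(unsigned char *buf, size_t cap, size_t *pos, int results[3])
{
    memcpy(buf, "abc", 3);
    *pos = 3;
    results[0] = copy_match(buf, cap, pos, 2049, 4); /* distance from the report */
    results[1] = copy_match(buf, cap, pos, 3, 6);    /* valid, overlapping */
    results[2] = copy_match(buf, cap, pos, 1, cap);  /* exceeds output space */
}

int main(void)
{
    unsigned char buf[16];
    size_t pos;
    int r[3];
    demo(buf, sizeof buf, &pos, r);
    printf("%d %d %d -> %.*s\n", r[0], r[1], r[2], (int)pos, (const char *)buf);
    return 0;
}
```
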

GoogleCodeExporter commented 9 years ago
I've also compiled and tested the example using gcc 4.5.0 (64-bit TDM-64), and 
it also successfully decompresses and prints the text file. Any more repro 
steps would be appreciated.

Best regards,
-Rich

Original comment by richge...@gmail.com on 20 May 2012 at 12:07

GoogleCodeExporter commented 9 years ago
This may be a dup of issue #4. It only happens when mz_ulong is 64-bit. The 
mz_crc32() function doesn't compute the proper CRC32 of the decompressed data 
in this situation. The decompressed data is fine, however. 
I'm fixing this and will release an update today.

Original comment by richge...@gmail.com on 20 May 2012 at 12:25

GoogleCodeExporter commented 9 years ago
Could you try repro'ing this on v1.13 when you get a chance?

Thanks,
-Rich

Original comment by richge...@gmail.com on 20 May 2012 at 4:47

GoogleCodeExporter commented 9 years ago

Original comment by richge...@gmail.com on 13 Oct 2013 at 5:25