Password protected ZipArchive crashes on attempt to add a file to the archive

[devValley]

STEPS:

1. Create a test application with a code from the Listing 1 (error handling is omitted for simplicity).
2. Run the test application.

Actual result: The test app crashes inside addFileToZip:newname: method. See the attached crash log.

Additional info: MacOS 10.7.5, Xcode 4.5.1

Listing 1:

ZipArchive theZip = [[[ZipArchive alloc] init] autorelease]; NSString theZippedFilePath = [NSTemporaryDirectory() stringByAppendingPathComponent: @"archivedFile.zip"]; NSString theFilePath = / Path to a file whose size is 300KB or more*/;

if ([[NSFileManager defaultManager] fileExistsAtPath:theZippedFilePath]) { [[NSFileManager defaultManager] removeItemAtPath:theZippedFilePath error:nil]; }

[theZip CreateZipFile2:theZippedFilePath Password:@"password"]; [theZip addFileToZip:theFilePath newname:[theFilePath lastPathComponent]]; [theZip CloseZipFile2];

[mattconnolly]

Hi, I couldn't reproduce this. I followed the above code, creating a random file about 500kB (with a non-16 byte aligned length, which triggers that function call on closing the file), and there was no crash.

Is there something special about the file? Does it have any non-ascii characters in the file name (wild guess)?

Any chance you can provide a test file to help reproduce it?

(Apologies for the delayed response, this fell off my radar for a bit).

[alikaragoz]

Hello, I've the same issue on a project I'm working on, here is the backtrace:

* thread #1: tid = 0x2403, 0x00360072 project`update_keys(pkeys=0x055e1094, pcrc_32_tab=0x7d8bb7ce, c=12) + 26 at crypt.h:50, stop reason = EXC_BAD_ACCESS (code=1, address=0x7d8bb91a)
    frame #0: 0x00360072 project`update_keys(pkeys=0x055e1094, pcrc_32_tab=0x7d8bb7ce, c=12) + 26 at crypt.h:50
    frame #1: 0x0035f9c2 project`zipFlushWriteBuffer(zi=0x055dd000) + 130 at zip.c:998
    frame #2: 0x0035fb06 project`zipCloseFileInZipRaw(file=0x055dd000, uncompressed_size=0, crc32=0) + 206 at zip.c:1109
    frame #3: 0x0035f2a0 project`zipCloseFileInZip(file=0x055dd000) + 24 at zip.c:1173
    frame #4: 0x00360946 project`-[ZipArchive addFileToZip:newname:](self=0x223052a0, _cmd=0x00424b5c, file=0x224a5150, newname=0x22302940) + 1250 at ZipArchive.m:169
    frame #5: 0x0035c2d4 project`-[AFDebug createZipArchiveWithFiles:andPassword:](self=0x209f5d00, _cmd=0x00424b1c, files=0x2230c220, password=0x004c658c) + 524 at AFDebug.m:297
    frame #6: 0x0035be10 project`-[AFDebug dataArchive](self=0x209f5d00, _cmd=0x00424aa2) + 932 at AFDebug.m:267
    frame #7: 0x0035b9d0 project`+[AFDebug createMailComposeController](self=0x004b816c, _cmd=0x0040dba9) + 420 at AFDebug.m:231
    frame #8: 0x000d8e36 project`-[AFViewController motionEnded:withEvent:](self=0x22567fb0, _cmd=0x3635c354, motion=UIEventSubtypeMotionShake, event=0x1fd63f80) + 130 at AFDarkCollectionListViewController.m:451
    frame #9: 0x35ee48e0 UIKit`-[UIApplication sendEvent:] + 380
    frame #10: 0x3613db76 UIKit`-[UIMotionEvent accelerometer:didAccelerateWithTimeStamp:x:y:z:eventType:] + 294
    frame #11: 0x39613ee4 SpringBoardServices`-[SBSAccelerometer accelerometer:didAccelerateWithTimeStamp:x:y:z:eventType:] + 80
    frame #12: 0x36c86924 BackBoardServices`_BKXXDeliverAccelerometerEvent + 84
    frame #13: 0x36c838bc BackBoardServices`_XDeliverAccelerometerEvent + 96
    frame #14: 0x36c83b04 BackBoardServices`migHelperRecievePortCallout + 148
    frame #15: 0x340aa3e6 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 34
    frame #16: 0x340aa38a CoreFoundation`__CFRunLoopDoSource1 + 138
    frame #17: 0x340a920e CoreFoundation`__CFRunLoopRun + 1382
    frame #18: 0x3401c23c CoreFoundation`CFRunLoopRunSpecific + 356
    frame #19: 0x3401c0c8 CoreFoundation`CFRunLoopRunInMode + 104
    frame #20: 0x37bfb33a GraphicsServices`GSEventRunModal + 74
    frame #21: 0x35f382b8 UIKit`UIApplicationMain + 1120
    frame #22: 0x00021920 project`main(argc=1, argv=0x2fde1d08) + 100 at main.m:17

It crashes in this method :

/***********************************************************************
 * Update the encryption keys with the next byte of plain text
 */
static int update_keys(unsigned long* pkeys,const unsigned long* pcrc_32_tab,int c)
{
    (*(pkeys+0)) = CRC32((*(pkeys+0)), c); // Crashes here
    (*(pkeys+1)) += (*(pkeys+0)) & 0xff;
    (*(pkeys+1)) = (*(pkeys+1)) * 134775813L + 1;
    {
      register int keyshift = (int)((*(pkeys+1)) >> 24);
      (*(pkeys+2)) = CRC32((*(pkeys+2)), keyshift);
    }
    return c;
}

It does not crash every time and seems to be linked to the size of the archive. The archive is password protected by the way. If you have any info to fix this, it would be great :+1:

Thanks!

[yusenhan]

Hi @mattconnolly please try add the two files into zip file with password.

https://www.dropbox.com/s/kpvivjimsb1wcoc/V3.png https://www.dropbox.com/s/9wfyu92iclsxrpq/V3.xml

I always crash.

Thanks.

[yusenhan]

Hi all. I update minizip to version 1.01h. this issue not happen.

[mattconnolly]

Excellent, thank you for testing. I have another pull request to upgrade to minizip 1.1 which should also cover this.

https://github.com/mattconnolly/ZipArchive/pull/22

I will test and merge this pull request in the next day or two and release an update to the cocoapod.

[mattconnolly]

I couldn't reproduce the crash with the older code, but I've merged the 1.1 mini zip files in. Can you please see if this helps by trying out my master branch.

If you're using cocoapods, you can add this to your Podfile:

pod 'ZipArchive', :git => 'https://github.com/mattconnolly/ZipArchive.git'

[vzqwer]

After adding

pod 'ZipArchive', :git => 'https://github.com/mattconnolly/ZipArchive.git'

project stops to build.

Precompiler macro

#ifdef unix

in 'minizip.c' doesn't recognized. So it tries to find Windows headers.

[mattconnolly]

Hi @vzqwer, can you please file this as a separate issue. This isn't related to this one.

[mattconnolly]

Closing due to inactivity.