Google Git
Sign in
android / platform / external / bsdiff / 6e40d9347586f0bc628295a0c581c95eeae0a234
commit6e40d9347586f0bc628295a0c581c95eeae0a234[log] [tgz]
authorAmin Hassani <ahassani@google.com>Mon May 13 11:47:57 2019 -0700
committerAmin Hassani <ahassani@google.com>Fri Jun 14 11:42:22 2019 -0700
treeebe23d95183dfad42797b3d4ffea28ee8af07f92
parent1a313bad729068bfd60f9f86c5769671bc652b53 [diff]
bspatch_fuzzer: guard againts integer overflow with bad patch

oldpos is a signed integer and an invalid input can cause integer
overflow. This CL makes sure the interger overflow doesn't happen.

The error message was:
../../../../../../../tmp/portage/dev-util/bsdiff-9999/work/bsdiff-9999/platform2/bsdiff/bspatch.cc:366:12: runtime error: signed integer overflow: 251 + 9223372036854775807 cannot be represented in type 'long'

Bug: crbug.com/950591
Test: cros_fuzz --board=amd64-generic reproduce --fuzzer bspatch_fuzzer --testcase ~/trunk/clusterfuzz-testcase-bspatch_fuzzer-5689939906920448 --package bsdiff --build-type ubsan

Change-Id: If1253483bc073cfb08867b531121d835078544bb
1 file changed
tree: ebe23d95183dfad42797b3d4ffea28ee8af07f92
  1. include/
  2. NOTICELICENSE
  3. .clang-format
  4. .gitignore
  5. Android.bp
  6. AndroidTest.xml
  7. brotli_compressor.cc
  8. brotli_compressor.h
  9. brotli_compressor_unittest.cc
  10. brotli_decompressor.cc
  11. brotli_decompressor.h
  12. brotli_decompressor_unittest.cc
  13. bsdiff.1
  14. bsdiff.cc
  15. bsdiff_arguments.cc
  16. bsdiff_arguments.h
  17. bsdiff_arguments_unittest.cc
  18. bsdiff_main.cc
  19. bsdiff_unittest.cc
  20. bspatch.1
  21. bspatch.cc
  22. bspatch_fuzzer.cc
  23. bspatch_main.cc
  24. bspatch_unittest.cc
  25. buffer_file.cc
  26. buffer_file.h
  27. BUILD.gn
  28. bz2_compressor.cc
  29. bz2_compressor.h
  30. bz2_decompressor.cc
  31. bz2_decompressor.h
  32. bz2_decompressor_unittest.cc
  33. CleanSpec.mk
  34. compressor_buffer.cc
  35. compressor_buffer.h
  36. compressor_interface.h
  37. decompressor_interface.cc
  38. decompressor_interface.h
  39. diff_encoder.cc
  40. diff_encoder.h
  41. diff_encoder_unittest.cc
  42. endsley_patch_writer.cc
  43. endsley_patch_writer.h
  44. endsley_patch_writer_unittest.cc
  45. extents.cc
  46. extents.h
  47. extents_file.cc
  48. extents_file_unittest.cc
  49. extents_unittest.cc
  50. fake_patch_writer.h
  51. file.cc
  52. file.h
  53. libbsdiff.pc
  54. libbspatch.pc
  55. LICENSE
  56. logging.cc
  57. logging.h
  58. Makefile
  59. memory_file.cc
  60. memory_file.h
  61. MODULE_LICENSE_BSD_LIKE
  62. OWNERS
  63. patch_reader.cc
  64. patch_reader.h
  65. patch_reader_unittest.cc
  66. patch_writer.cc
  67. patch_writer.h
  68. patch_writer_factory.cc
  69. patch_writer_unittest.cc
  70. PREUPLOAD.cfg
  71. README.android
  72. README.chromium
  73. README.version
  74. sink_file.cc
  75. sink_file.h
  76. split_patch_writer.cc
  77. split_patch_writer.h
  78. split_patch_writer_unittest.cc
  79. suffix_array_index.cc
  80. suffix_array_index.h
  81. suffix_array_index_unittest.cc
  82. test_utils.cc
  83. test_utils.h
  84. testrunner.cc
  85. utils.cc
  86. utils.h