-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid IndexOutOfRangeException in ZipArchive #109168
base: main
Are you sure you want to change the base?
Conversation
Hello, @ericstj , @dotnet/area-system-io-compression ! |
if (index >= array.Length) | ||
{ | ||
// prevent an IndexOutOfRangeException from array[index] | ||
throw new InvalidDataException(SR.InvalidHuffmanData); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to add a test for this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @stephentoub, thanks for the response!
I'll try to add a test for this scenario.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks
An IndexOutOfRangeException exception is thrown when this invalid zip file is opened with ZipArchive. This file is generated while fuzzing ZipArchive with AFL++. More details in issue and pull request: dotnet/runtime#109167 dotnet/runtime#109168
An IndexOutOfRangeException exception is thrown when this invalid zip file is opened with ZipArchive. This file is generated while fuzzing ZipArchive with AFL++. More details in issue and pull request: dotnet/runtime#109167 dotnet/runtime#109168
@peter15914 FYI you'll need to wait until #109477 is merged to be able to consume the runtime-assets changes. Once that PR is in you can merge main into your branch and you should be able to access the new file. |
Add test to cover problem with invalid zip file. Currently an IndexOutOfRangeException is thrown when invalid zip file is opened with ZipArchive.
@dotnet-policy-service agree |
Hello @stephentoub ! |
Thanks! |
Fixes #109167
This pull request fixes unexpected IndexOutOfRangeException in ZipArchive.
Additional check added that array index is not out of range.
It is done in a similar way to the code in HuffmanTree.c:230:
Found by Linux Verification Center (linuxtesting.org).