From 571429077cb3d91c5d46fd8e249fcdffc47fff82 Mon Sep 17 00:00:00 2001 From: Sebastian Zivota Date: Wed, 4 Oct 2023 16:22:01 +0200 Subject: [PATCH 1/3] fix(sourcebundles): Only accept UTF-8 files --- symbolic-debuginfo/src/sourcebundle.rs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/symbolic-debuginfo/src/sourcebundle.rs b/symbolic-debuginfo/src/sourcebundle.rs index 2fa8412f..0f459371 100644 --- a/symbolic-debuginfo/src/sourcebundle.rs +++ b/symbolic-debuginfo/src/sourcebundle.rs @@ -96,6 +96,9 @@ pub enum SourceBundleErrorKind { /// Generic error when writing a source bundle, most likely IO. WriteFailed, + + /// The file is not valid UTF-8 or could not be read for another reason. + ReadFailed, } impl fmt::Display for SourceBundleErrorKind { @@ -105,6 +108,7 @@ impl fmt::Display for SourceBundleErrorKind { Self::BadManifest => write!(f, "failed to read/write source bundle manifest"), Self::BadDebugFile => write!(f, "malformed debug info file"), Self::WriteFailed => write!(f, "failed to write source bundle"), + Self::ReadFailed => write!(f, "file could not be read as UTF-8"), } } } @@ -1154,6 +1158,8 @@ where /// Adds a file and its info to the bundle. /// + /// Only files containing valid UTF-8 are accepted. + /// /// Multiple files can be added at the same path. For the first duplicate, a counter will be /// appended to the file name. Any subsequent duplicate increases that counter. For example: /// 
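Review bot: The `Display` text added for `ReadFailed`, `"file could not be read as UTF-8"`, is narrower than the variant's doc comment in the enum hunk above, which also covers files that "could not be read for another reason". The later `add_file` hunk maps every `read_to_string` error to this kind, so a plain I/O failure will read as an encoding problem unless the caller inspects the source error. A message that names both causes would keep logs accurate for triage, e.g. `Self::ReadFailed => write!(f, "failed to read source file (I/O error or invalid UTF-8)"),`.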
@@ -1185,13 +1191,20 @@ where S: AsRef, R: Read, { + let mut buf = String::new(); + + if let Err(e) = file.read_to_string(&mut buf) { + return Err(SourceBundleError::new(SourceBundleErrorKind::ReadFailed, e)); + } + let full_path = self.file_path(path.as_ref()); let unique_path = self.unique_path(full_path); self.writer .start_file(unique_path.clone(), default_file_options()) .map_err(|e| SourceBundleError::new(SourceBundleErrorKind::WriteFailed, e))?; - std::io::copy(&mut file, &mut self.writer) + self.writer + .write_all(buf.as_bytes()) .map_err(|e| SourceBundleError::new(SourceBundleErrorKind::WriteFailed, e))?; self.manifest.files.insert(unique_path, info); From 319a2aa031990d824abbf246a03435becc2795b9 Mon Sep 17 00:00:00 2001 From: Sebastian Zivota Date: Wed, 4 Oct 2023 16:34:12 +0200 Subject: [PATCH 2/3] Add test --- Cargo.lock | 9 --------- symbolic-debuginfo/src/sourcebundle.rs | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39d07687..32182d01 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -658,15 +658,6 @@ dependencies = [ "percent-encoding", ] -[[package]] -name = "frame-dedupe" -version = "0.1.0" -dependencies = [ - "indexmap 1.9.3", - "serde", - "serde_json", -] - [[package]] name = "from_variant" version = "0.1.6" diff --git a/symbolic-debuginfo/src/sourcebundle.rs b/symbolic-debuginfo/src/sourcebundle.rs index 0f459371..c395f0d9 100644 --- a/symbolic-debuginfo/src/sourcebundle.rs +++ b/symbolic-debuginfo/src/sourcebundle.rs @@ -1433,6 +1433,22 @@ mod tests { Ok(()) } + #[test] + fn test_non_utf8() -> Result<(), SourceBundleError> { + let writer = Cursor::new(Vec::new()); + let mut bundle = SourceBundleWriter::start(writer)?; + + assert!(bundle + .add_file( + "bar.txt", + &[0, 159, 146, 150][..], + SourceFileInfo::default() + ) + .is_err()); + + Ok(()) + } + #[test] fn test_duplicate_files() -> Result<(), SourceBundleError> { let writer = Cursor::new(Vec::new()); 
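Review bot: `file.read_to_string(&mut buf)` now holds the whole input in memory before anything is written, whereas the removed `std::io::copy` streamed it. Peak memory in `add_file` therefore grows with the size of whatever reader the caller passes. If bundles can be built from files the caller does not control, add a size cap before the read, for example by reading through `file.take(MAX_SOURCE_FILE_SIZE + 1)` and rejecting input that exceeds the limit (`MAX_SOURCE_FILE_SIZE` is a placeholder, not a constant visible in this patch). As a style point, the `if let Err(e) … return Err(…)` form could be `file.read_to_string(&mut buf).map_err(|e| SourceBundleError::new(SourceBundleErrorKind::ReadFailed, e))?;` to match the two `map_err` calls below it. The function's signature and tail lie outside the hunk.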
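Review bot: `test_non_utf8` only asserts `is_err()`, so it would also pass if `add_file` failed for an unrelated reason such as a write error. Pinning the kind would make the test cover the new rejection path: assuming `SourceBundleError` exposes its kind and the enum is comparable, bind the error and add `assert_eq!(err.kind(), SourceBundleErrorKind::ReadFailed);`. A companion assertion that a valid multi-byte UTF-8 input is still accepted would guard against over-rejection.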
From 5641ad2ca499e8faf66073aab1598947922d69e7 Mon Sep 17 00:00:00 2001 From: Sebastian Zivota Date: Wed, 4 Oct 2023 16:35:48 +0200 Subject: [PATCH 3/3] Changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb9eb9f8..882e80f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ - Emit a MODULE record for PE files ([#814](https://github.com/getsentry/symbolic/pull/814)) +**Fixes** + +- sourcebundles: Only valid UTF-8 files can be written into sourcebundles ([#816](https://github.com/getsentry/symbolic/pull/816)) + ## 12.4.1 **Fixes**