| 1417 | } |
| 1418 | |
| 1419 | func TestCVE202133196(t *testing.T) { |
| 1420 | // Archive that indicates it has 1 << 128 -1 files, |
| 1421 | // this would previously cause a panic due to attempting |
| 1422 | // to allocate a slice with 1 << 128 -1 elements. |
| 1423 | data := []byte{ |
| 1424 | 0x50, 0x4b, 0x03, 0x04, 0x14, 0x00, 0x08, 0x08, |
| 1425 | 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 1426 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 1427 | 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x02, |
| 1428 | 0x03, 0x62, 0x61, 0x65, 0x03, 0x04, 0x00, 0x00, |
| 1429 | 0xff, 0xff, 0x50, 0x4b, 0x07, 0x08, 0xbe, 0x20, |
| 1430 | 0x5c, 0x6c, 0x09, 0x00, 0x00, 0x00, 0x03, 0x00, |
| 1431 | 0x00, 0x00, 0x50, 0x4b, 0x01, 0x02, 0x14, 0x00, |
| 1432 | 0x14, 0x00, 0x08, 0x08, 0x08, 0x00, 0x00, 0x00, |
| 1433 | 0x00, 0x00, 0xbe, 0x20, 0x5c, 0x6c, 0x09, 0x00, |
| 1434 | 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, |
| 1435 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 1436 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 1437 | 0x01, 0x02, 0x03, 0x50, 0x4b, 0x06, 0x06, 0x2c, |
| 1438 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2d, |
| 1439 | 0x00, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 1440 | 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, |
| 1441 | 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, |
| 1442 | 0xff, 0xff, 0xff, 0x31, 0x00, 0x00, 0x00, 0x00, |
| 1443 | 0x00, 0x00, 0x00, 0x3a, 0x00, 0x00, 0x00, 0x00, |
| 1444 | 0x00, 0x00, 0x00, 0x50, 0x4b, 0x06, 0x07, 0x00, |
| 1445 | 0x00, 0x00, 0x00, 0x6b, 0x00, 0x00, 0x00, 0x00, |
| 1446 | 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, |
| 1447 | 0x4b, 0x05, 0x06, 0x00, 0x00, 0x00, 0x00, 0xff, |
| 1448 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
| 1449 | 0xff, 0xff, 0xff, 0x00, 0x00, |
| 1450 | } |
| 1451 | _, err := NewReader(bytes.NewReader(data), int64(len(data))) |
| 1452 | if err != ErrFormat { |
| 1453 | t.Fatalf("unexpected error, got: %v, want: %v", err, ErrFormat) |
| 1454 | } |
| 1455 | |
| 1456 | // Also check that an archive containing a handful of empty |
| 1457 | // files doesn't cause an issue |
| 1458 | b := bytes.NewBuffer(nil) |
| 1459 | w := NewWriter(b) |
| 1460 | for range 5 { |
| 1461 | _, err := w.Create("") |
| 1462 | if err != nil { |
| 1463 | t.Fatalf("Writer.Create failed: %s", err) |
| 1464 | } |
| 1465 | } |
| 1466 | if err := w.Close(); err != nil { |
| 1467 | t.Fatalf("Writer.Close failed: %s", err) |
| 1468 | } |
| 1469 | r, err := NewReader(bytes.NewReader(b.Bytes()), int64(b.Len())) |
| 1470 | if err != nil { |
| 1471 | t.Fatalf("NewReader failed: %s", err) |
| 1472 | } |
| 1473 | if len(r.File) != 5 { |
| 1474 | t.Errorf("Archive has unexpected number of files, got %d, want 5", len(r.File)) |
| 1475 | } |
| 1476 | } |