From: Andreas Falkenhahn <andreas%falkenhahn.com@localhost>
To: Dieter Baron <dillo%dillo.at@localhost>
Subject: Re: Error inconsistency between zip_open() and zip_open_from_source()
Date: Tue, 2 Jan 2018 14:31:51 +0100

On 02.01.2018 at 14:21 Dieter Baron wrote:

>> On 01.01.2018, at 15:54 , Andreas Falkenhahn 
>> <andreas%falkenhahn.com@localhost> wrote:
>> In zip_open() the "errorp" parameter may be NULL but in
>> zip_open_from_source() it must be set.

> Why do you think it can’t be NULL? I’ve just looked at the code, and I don’t 
> see it.

So zip_open_from_source() does this:

            /* ZIP_CREATE gets ignored if file exists and not ZIP_EXCL, just like open() */
            za = _zip_open(src, flags, error);

And _zip_open() does this:

    if ((cdir = _zip_find_central_dir(za, len)) == NULL) {
        _zip_error_copy(error, &za->error);
        /* keep src so discard does not get rid of it */
        zip_source_keep(src);
        zip_discard(za);
        return NULL;
    }

Now if NULL is passed in "error" to zip_open_from_source(), _zip_error_copy()
will write to a NULL pointer, and that's where the program is going to get
killed.

That's just one instance. Looking at _zip_open(), there seem to be a few
other instances, like a call to _zip_error_set_from_source(), which will also
crash on a NULL pointer.

-- 
Best regards,
 Andreas Falkenhahn                            
mailto:andreas%falkenhahn.com@localhost
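Added illustration, not libzip's code and not part of the original mail: a hypothetical error-copy helper in the shape of _zip_error_copy(), plus a mock of the failing _zip_open() path quoted above, showing the NULL check that makes a NULL "error" out-parameter safe (without that check the helper is just the two assignments, which is the crash the mail describes). All names here (my_error_t, mock_open, MYERR_*, open_ignoring_error, open_reporting_error) are made up for the example.

```c
#include <stddef.h>

/* Hypothetical stand-in for libzip's zip_error_t; not libzip's own definition. */
typedef struct {
    int zip_err; /* library error code, 0 = no error */
    int sys_err; /* errno-style system code, if any */
} my_error_t;

enum { MYERR_OK = 0, MYERR_NOCDIR = 1 };

/* Hardened copy: a NULL dst means the caller does not want the details.
 * The unsafe variant described in the mail is the same two assignments
 * without this check, so dst == NULL dereferences a NULL pointer. */
static void error_copy_safe(my_error_t *dst, const my_error_t *src) {
    if (dst == NULL || src == NULL)
        return;
    dst->zip_err = src->zip_err;
    dst->sys_err = src->sys_err;
}

/* Mock of an _zip_open()-style routine: when have_cdir is 0 it fails the
 * way the quoted _zip_find_central_dir() branch does and reports through
 * "error", which may be NULL. Returns 0 on success, -1 on failure. */
static int mock_open(int have_cdir, my_error_t *error) {
    my_error_t internal = { MYERR_OK, 0 }; /* plays the role of za->error */
    if (!have_cdir) {
        internal.zip_err = MYERR_NOCDIR;
        error_copy_safe(error, &internal); /* safe even if error == NULL */
        return -1;
    }
    return 0;
}

/* Caller that ignores error details (passes NULL); returns the status. */
static int open_ignoring_error(int have_cdir) {
    return mock_open(have_cdir, NULL);
}

/* Caller that wants details: always passes a real struct and returns the
 * error code it received (MYERR_OK on success). */
static int open_reporting_error(int have_cdir) {
    my_error_t err = { MYERR_OK, 0 };
    (void)mock_open(have_cdir, &err);
    return err.zip_err;
}
```

Until the library side guarantees this tolerance, the caller-side mitigation is the one open_reporting_error() shows: always hand zip_open_from_source() a real zip_error_t rather than NULL.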
