List Archive
Thread
- Error inconsistency between zip_open() and zip_ope, Andreas Falkenhahn (2018/01/01 15:09:51)
- Message not available
- Re: Error inconsistency between zip_open() and zip, Andreas Falkenhahn (2018/01/02 13:31:47)
- Message not available
Message
On 02.01.2018 at 14:21 Dieter Baron wrote:

>> On 01.01.2018, at 15:54 , Andreas Falkenhahn
>> <andreas%falkenhahn.com@localhost> wrote:

>> In zip_open() the "errorp" parameter may be NULL but in
>> zip_open_from_source()
>> it must be set.

> Why do you think it can’t be NULL? I’ve just looked at the code, and I don’t
> see it.

So zip_open_from_source() does this:

    /* ZIP_CREATE gets ignored if file exists and not ZIP_EXCL, just like open() */
    za = _zip_open(src, flags, error);

And _zip_open() does this:

    if ((cdir = _zip_find_central_dir(za, len)) == NULL) {
        _zip_error_copy(error, &za->error);
        /* keep src so discard does not get rid of it */
        zip_source_keep(src);
        zip_discard(za);
        return NULL;
    }

Now if NULL is passed in "error" to zip_open_from_source() _zip_error_copy()
will write to a NULL pointer and that's where the program is going to get
killed. That's just one instance... looking at _zip_open() there seem to be
a few other instances like a call to _zip_error_set_from_source() which will
also crash on a NULL pointer.

-- 
Best regards,
 Andreas Falkenhahn                            mailto:andreas%falkenhahn.com@localhost
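The call chain described in this message, modelled as an added example (not libzip code and not written by either poster): an internal copy helper writes through the error pointer unconditionally, and the public entry point makes the argument optional by substituting a local scratch object once at the API boundary, which covers every internal failure path at the same time. All `demo_*` names, the error codes and the length threshold are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-in types and names for illustration; not libzip's definitions. */
typedef struct { int zip_err; int sys_err; } demo_error_t;
typedef struct { demo_error_t error; size_t len; } demo_archive_t;

enum { DEMO_ER_OK = 0, DEMO_ER_NOZIP = 1, DEMO_ER_MEMORY = 2 }; /* constructed codes */
#define DEMO_MIN_LEN 22 /* constructed threshold for "input too short" */

/* Unguarded copy, like the helper described in the message:
 * it writes through dst unconditionally, so dst must never be NULL. */
static void demo_error_copy(demo_error_t *dst, const demo_error_t *src) {
    dst->zip_err = src->zip_err;
    dst->sys_err = src->sys_err;
}

/* Internal open: every failure path reports through `error`. */
static demo_archive_t *demo_open_inner(size_t len, demo_error_t *error) {
    demo_archive_t *za = calloc(1, sizeof *za);
    if (za == NULL) {
        error->zip_err = DEMO_ER_MEMORY;
        return NULL;
    }
    za->len = len;
    if (len < DEMO_MIN_LEN) { /* stands in for "no central directory found" */
        za->error.zip_err = DEMO_ER_NOZIP;
        demo_error_copy(error, &za->error);
        free(za);
        return NULL;
    }
    return za;
}

/* Public entry point: `error` is optional. NULL is replaced by a scratch
 * object here, so no internal failure path can write through NULL. */
demo_archive_t *demo_open_from_source(size_t len, demo_error_t *error) {
    demo_error_t scratch = { DEMO_ER_OK, 0 };
    if (error == NULL)
        error = &scratch;
    return demo_open_inner(len, error);
}

int main(void) {
    demo_error_t err = { DEMO_ER_OK, 0 };
    if (demo_open_from_source(0, NULL) != NULL) return 1; /* fails cleanly */
    if (demo_open_from_source(0, &err) != NULL) return 1;
    return err.zip_err == DEMO_ER_NOZIP ? 0 : 1;
}
```

Removing the `if (error == NULL)` substitution reproduces the behaviour the message describes: the failure path then dereferences NULL inside `demo_error_copy()`.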