Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hang while opening BZip2 #842

Open
fuzzah opened this issue May 15, 2024 · 2 comments
Open

Hang while opening BZip2 #842

fuzzah opened this issue May 15, 2024 · 2 comments
Labels
bug up for grabs

Comments

@fuzzah
Copy link

fuzzah commented May 15, 2024

In continuation of #841.
The following code results in an infinite loop in SharpCompress:

using System.IO;
using SharpCompress.Readers;
Stream stream = new MemoryStream(new byte[] {0x42, 0x5a, 0x68, 0x34, 0x31, 0x41, 0x59, 0x26, 0x53, 0x59, 0x35});
ReaderFactory.Open(stream);

The stack trace (created with the dotnet stack tool):

System.Private.CoreLib!System.IO.Stream.ReadByte()
SharpCompress!SharpCompress.Compressors.BZip2.CBZip2InputStream.BsR(int32)
SharpCompress!SharpCompress.Compressors.BZip2.CBZip2InputStream.RecvDecodingTables()
SharpCompress!SharpCompress.Compressors.BZip2.CBZip2InputStream.GetAndMoveToFrontDecode()
SharpCompress!SharpCompress.Compressors.BZip2.CBZip2InputStream.InitBlock()
SharpCompress!SharpCompress.Compressors.BZip2.CBZip2InputStream..ctor(class System.IO.Stream,bool)
SharpCompress!SharpCompress.Compressors.BZip2.BZip2Stream..ctor(class System.IO.Stream,value class SharpCompress.Compressors.CompressionMode,bool)
SharpCompress!SharpCompress.Factories.TarFactory.TryOpenReader(class SharpCompress.IO.RewindableStream,class SharpCompress.Readers.ReaderOptions,class SharpCompress.Readers.IReader&)
SharpCompress!SharpCompress.Readers.ReaderFactory.Open(class System.IO.Stream,class SharpCompress.Readers.ReaderOptions)
app!Program.<Main>$(class System.String[])

This byte sequence written to a file gets detected as "bzip2 compressed data" by the file tool, but bzip2 fails to read it with the error message "bzip2: Compressed file ends unexpectedly".

Found by Linux Verification Center (linuxtesting.org) with AFL++ and SharpFuzz.
Reporter: Valery Korolyov (v.korolyov@gardatech.ru)
Organization: Garda Technologies (info@gardatech.ru)
@Morilli
Copy link
Contributor

Morilli commented May 30, 2024

Stepping through, the code correctly identifies the EOF here:

sharpcompress/src/SharpCompress/Compressors/BZip2/CBZip2InputStream.cs

Lines 394 to 397 in 6fc4b04

if (thech == '\uffff')
{
CompressedStreamEOF();
}

and then proceeds to... do nothing?

sharpcompress/src/SharpCompress/Compressors/BZip2/CBZip2InputStream.cs

Lines 42 to 52 in 6fc4b04

private static void Cadvise()
{
//System.out.Println("CRC Error");
//throw new CCoruptionError();
}
private static void BadBGLengths() => Cadvise();
private static void BitStreamEOF() => Cadvise();
private static void CompressedStreamEOF() => Cadvise();

Perhaps the fix is just to make this function actually throw an exception instead of silently passing?

@adamhathcock
Copy link
Owner

Seems like I should have ported the exception.

@Erior Erior mentioned this issue Jun 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug up for grabs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@adamhathcock @Morilli @fuzzah