On 05/01/2015 20:50, Sebastian Andrzej Siewior wrote:
> The ->search callback of the mspack library finds two cab files within
> the one you attached. The internal structure gets real funny. afl
> managed to create a .cab file which contains a valid file, followed by
> one which contains an invalid compression which removes the
> decompression callback. And then mspack thinks that the following file
> belongs to the previous folder and therefore the decompression callback
> is not updated but has none assigned and the NULL pointer is invoked.

This is an accurate summary. There are two cab files found, the second of which has three files in two folders:

file 1 in folder 1 (valid)
file 2 in folder 2 (invalid)
file 3 in folder 1 again

Extracting file 1 sets up decompression state for folder 1.
Extracting file 2 switches from folder 1 to 2. Some, but not all, decompression state is cleared. Setting up new decompression state fails.

When extracting file 3, cabextract thinks it's still set up to extract from folder 1, so doesn't re-initialise state. It then proceeds to jump to self->d->decompress which is NULL.

We can't clear self->d->folder upon failure to make cabextract re-init state on the next extraction, because cabd_close uses self->d->folder to know to deallocate decompression state when the cab with that folder is closed, and not deallocate decompression state if a different cab file is being closed.

However, we can make a cleared self->d->state be a condition for re-initialising decompression state.

   /* do we need to change folder or reset the current folder? */
-  if ((self->d->folder != fol) || (self->d->offset > file->offset)) {
+  if ((self->d->folder != fol) || (self->d->offset > file->offset) ||
+      !self->d->state)
+  {
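Review bot: the new `!self->d->state` clause only triggers re-initialisation if the failed folder switch reliably leaves `self->d->state` NULL; since the message says only some decompression state is cleared on that path, please confirm that the cleanup run before the failed set-up resets both `self->d->state` and `self->d->decompress` to NULL rather than leaving stale pointers, otherwise file 3 would still skip re-initialisation. A one-line comment next to the added clause saying that a NULL state means the previous set-up failed would make the intent clearer than the bare condition, and the brace moved onto its own line is a style change worth mentioning in the commit message.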

This is now fixed in the repository version of cabextract / libmspack. New releases will be made soon.

Regards
Stuart
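As an added illustration, not code from this message or from libmspack itself: a small C model of the self->d folder/state bookkeeping that replays the three-file layout described above, once with the original condition and once with the patched one. Only folder, state, decompress and offset mirror the real fields; every other name is hypothetical.

```c
/* Added example, not libmspack's own code: a small model of cabextract's
 * per-folder state (folder/state/decompress/offset mirror the self->d fields
 * named in the message; every other name here is made up). */
#include <stdbool.h>
#include <stddef.h>

enum { COMP_NONE = 0, COMP_BOGUS = 99 };            /* constructed comp types */
enum { ERR_OK = 0, ERR_DATAFORMAT = 1, ERR_NULL_CALL = 2 };
typedef struct { int id, comp_type; } folder_t;
typedef struct { folder_t *folder; int offset; } file_t;
typedef struct {
    folder_t *folder;                    /* folder the state was set up for */
    void     *state;                     /* decompressor state, NULL if none */
    int     (*decompress)(void *state, int bytes);
    int       offset;                    /* bytes already decompressed */
} decomp_t;
static int dummy_state;                  /* stands in for a real decompressor */
static int noned_decompress(void *s, int bytes) { (void)s; return bytes; }
/* Like cabd_free_decomp: drops the decompressor but leaves d->folder alone. */
static void free_decomp(decomp_t *d) { d->state = NULL; d->decompress = NULL; }
/* Like cabd_init_decomp: an unsupported compression type fails. */
static int init_decomp(decomp_t *d, folder_t *fol) {
    if (fol->comp_type != COMP_NONE) return ERR_DATAFORMAT;
    d->state = &dummy_state; d->decompress = noned_decompress;
    return ERR_OK;
}
/* Like cabd_extract's folder check; with_fix adds the !self->d->state test. */
static int extract(decomp_t *d, file_t *file, bool with_fix) {
    folder_t *fol = file->folder; int err;
    if (d->folder != fol || d->offset > file->offset || (with_fix && !d->state)) {
        free_decomp(d);
        err = init_decomp(d, fol);
        if (err) return err;             /* d->folder is still the old folder */
        d->folder = fol; d->offset = 0;
    }
    if (!d->decompress) return ERR_NULL_CALL;  /* the real code jumps to NULL */
    d->decompress(d->state, file->offset - d->offset);
    d->offset = file->offset;
    return ERR_OK;
}

/* Replays the three-file layout from the message and returns file 3's result. */
int replay_bug(bool with_fix) {
    folder_t f1 = { 1, COMP_NONE }, f2 = { 2, COMP_BOGUS };
    file_t files[3] = { { &f1, 10 }, { &f2, 10 }, { &f1, 20 } };
    decomp_t d = { NULL, NULL, NULL, 0 };
    extract(&d, &files[0], with_fix);        /* sets up folder 1 */
    extract(&d, &files[1], with_fix);        /* fails, clears state */
    return extract(&d, &files[2], with_fix); /* folder 1 again */
}
```

Without the fix file 3 reaches the NULL decompress pointer (reported here as ERR_NULL_CALL instead of crashing); with the fix the cleared state forces a fresh set-up for folder 1 and extraction succeeds.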

