busybox: backport upstream fixes for unzip

http://git.busybox.net/busybox/commit/?h=1_24_stable&id=6767af17f11144c7cd3cfe9ef799d7f89a78fe65 http://git.busybox.net/busybox/commit/?h=1_24_stable&id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c (From OE-Core rev: e69c955d825bdfaa17eb7a75f26df8b7b646f04d) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andre McCurdy <armccurdy@gmail.com> 2015-12-02 10:41:46 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-12-08 10:20:49 +0000
commit: 2739ed08a8455aa0152747eab281253e5d7fa02f (patch)
tree: 53231c50de7b43c85ae9af19de217bb26bd0ddb2 /meta
parent: 6decbbb155c162517c0ee22bb7e184a3a5adcccc (diff)
download: poky-2739ed08a8455aa0152747eab281253e5d7fa02f.tar.gz
3 files changed, 263 insertions, 0 deletions
diff --git a/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch
new file mode 100644
index 0000000000..e3c502091f
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch
@@ -0,0 +1,143 @@
+Upstream-Status: Backport
+  http://busybox.net/downloads/fixes-1.24.1/
+  http://git.busybox.net/busybox/commit/?id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c
+  http://git.busybox.net/busybox/commit/?h=1_24_stable&id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+From 092fabcf1df5d46cd22be4ffcd3b871f6180eb9c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Fri, 30 Oct 2015 23:41:53 +0100
+Subject: [PATCH] [g]unzip: fix recent breakage.
+Also, do emit error message we so painstakingly pass from gzip internals
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 6bd3fff51aa74e2ee2d87887b12182a3b09792ef)
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ archival/libarchive/decompress_gunzip.c | 33 +++++++++++++++++++++------------
+ testsuite/unzip.tests                   |  1 +
+ 2 files changed, 22 insertions(+), 12 deletions(-)
+diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
+index c76fd31..357c9bf 100644
+--- a/archival/libarchive/decompress_gunzip.c
+++ b/archival/libarchive/decompress_gunzip.c
+@@ -309,8 +309,7 @@ static int huft_build(const unsigned *b, const unsigned n,
+        huft_t *q;              /* points to current table */
+        huft_t r;               /* table entry for structure assignment */
+        huft_t *u[BMAX];        /* table stack */
+-       unsigned v[N_MAX];      /* values in order of bit length */
+-       unsigned v_end;
+       unsigned v[N_MAX + 1];  /* values in order of bit length. last v[] is never used */
+        int ws[BMAX + 1];       /* bits decoded stack */
+        int w;                  /* bits decoded */
+        unsigned x[BMAX + 1];   /* bit offsets, then code stack */
+@@ -365,15 +364,17 @@ static int huft_build(const unsigned *b, const unsigned n,
+                *xp++ = j;
+        }
+ 
+-       /* Make a table of values in order of bit lengths */
+       /* Make a table of values in order of bit lengths.
+        * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
+        * In particular, last v[i] is never filled and must not be accessed.
+        */
+       memset(v, 0xff, sizeof(v));
+        p = b;
+        i = 0;
+-       v_end = 0;
+        do {
+                j = *p++;
+                if (j != 0) {
+                        v[x[j]++] = i;
+-                       v_end = x[j];
+                }
+        } while (++i < n);
+ 
+@@ -435,7 +436,9 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 
+                        /* set up table entry in r */
+                        r.b = (unsigned char) (k - w);
+-                       if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
+                       if (/*p >= v + n || -- redundant, caught by the second check: */
+                           *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/
+                       ) {
+                                r.e = 99; /* out of values--invalid code */
+                        } else if (*p < s) {
+                                r.e = (unsigned char) (*p < 256 ? 16 : 15);     /* 256 is EOB code */
+@@ -520,8 +523,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
+                e = t->e;
+                if (e > 16)
+                        do {
+-                               if (e == 99)
+-                                       abort_unzip(PASS_STATE_ONLY);;
+                               if (e == 99) {
+                                       abort_unzip(PASS_STATE_ONLY);
+                               }
+                                bb >>= t->b;
+                                k -= t->b;
+                                e -= 16;
+@@ -557,8 +561,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
+                        e = t->e;
+                        if (e > 16)
+                                do {
+-                                       if (e == 99)
+                                       if (e == 99) {
+                                                abort_unzip(PASS_STATE_ONLY);
+                                       }
+                                        bb >>= t->b;
+                                        k -= t->b;
+                                        e -= 16;
+@@ -824,8 +829,9 @@ static int inflate_block(STATE_PARAM smallint *e)
+ 
+                b_dynamic >>= 4;
+                k_dynamic -= 4;
+-               if (nl > 286 || nd > 30)
+               if (nl > 286 || nd > 30) {
+                        abort_unzip(PASS_STATE_ONLY);   /* bad lengths */
+               }
+ 
+                /* read in bit-length-code lengths */
+                for (j = 0; j < nb; j++) {
+@@ -906,12 +912,14 @@ static int inflate_block(STATE_PARAM smallint *e)
+                bl = lbits;
+ 
+                i = huft_build(ll, nl, 257, cplens, cplext, &inflate_codes_tl, &bl);
+-               if (i != 0)
+               if (i != 0) {
+                        abort_unzip(PASS_STATE_ONLY);
+               }
+                bd = dbits;
+                i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &inflate_codes_td, &bd);
+-               if (i != 0)
+               if (i != 0) {
+                        abort_unzip(PASS_STATE_ONLY);
+               }
+ 
+                /* set up data for inflate_codes() */
+                inflate_codes_setup(PASS_STATE bl, bd);
+@@ -999,6 +1007,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
+        error_msg = "corrupted data";
+        if (setjmp(error_jmp)) {
+                /* Error from deep inside zip machinery */
+               bb_error_msg(error_msg);
+                n = -1;
+                goto ret;
+        }
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index ca0a458..d8738a3 100755
+--- a/testsuite/unzip.tests
+++ b/testsuite/unzip.tests
+@@ -34,6 +34,7 @@ rm foo.zip
+ testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+ "Archive:  bad.zip
+   inflating: ]3j½r«IK-%Ix
+unzip: corrupted data
+ unzip: inflate error
+ 1
+ " \
+-- 
+2.6.2
diff --git a/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch
new file mode 100644
index 0000000000..718672695c
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch
@@ -0,0 +1,118 @@
+Upstream-Status: Backport
+  http://busybox.net/downloads/fixes-1.24.1/
+  http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
+  http://git.busybox.net/busybox/commit/?h=1_24_stable&id=6767af17f11144c7cd3cfe9ef799d7f89a78fe65
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+From 1de25a6e87e0e627aa34298105a3d17c60a1f44e Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Mon, 26 Oct 2015 19:33:05 +0100
+Subject: [PATCH] unzip: test for bad archive SEGVing
+function                                             old     new   delta
+huft_build                                          1296    1300      +4
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/decompress_gunzip.c | 11 +++++++----
+ testsuite/unzip.tests                   | 23 ++++++++++++++++++++++-
+ 2 files changed, 29 insertions(+), 5 deletions(-)
+diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
+index 7b6f459..30bf451 100644
+--- a/archival/libarchive/decompress_gunzip.c
+++ b/archival/libarchive/decompress_gunzip.c
+@@ -305,11 +305,12 @@ static int huft_build(const unsigned *b, const unsigned n,
+        unsigned i;             /* counter, current code */
+        unsigned j;             /* counter */
+        int k;                  /* number of bits in current code */
+-       unsigned *p;            /* pointer into c[], b[], or v[] */
+       const unsigned *p;      /* pointer into c[], b[], or v[] */
+        huft_t *q;              /* points to current table */
+        huft_t r;               /* table entry for structure assignment */
+        huft_t *u[BMAX];        /* table stack */
+        unsigned v[N_MAX];      /* values in order of bit length */
+       unsigned v_end;
+        int ws[BMAX + 1];       /* bits decoded stack */
+        int w;                  /* bits decoded */
+        unsigned x[BMAX + 1];   /* bit offsets, then code stack */
+@@ -324,7 +325,7 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 
+        /* Generate counts for each bit length */
+        memset(c, 0, sizeof(c));
+-       p = (unsigned *) b; /* cast allows us to reuse p for pointing to b */
+       p = b;
+        i = n;
+        do {
+                c[*p]++; /* assume all entries <= BMAX */
+@@ -365,12 +366,14 @@ static int huft_build(const unsigned *b, const unsigned n,
+        }
+ 
+        /* Make a table of values in order of bit lengths */
+-       p = (unsigned *) b;
+       p = b;
+        i = 0;
+       v_end = 0;
+        do {
+                j = *p++;
+                if (j != 0) {
+                        v[x[j]++] = i;
+                       v_end = x[j];
+                }
+        } while (++i < n);
+ 
+@@ -432,7 +435,7 @@ static int huft_build(const unsigned *b, const unsigned n,
+ 
+                        /* set up table entry in r */
+                        r.b = (unsigned char) (k - w);
+-                       if (p >= v + n) {
+                       if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
+                                r.e = 99; /* out of values--invalid code */
+                        } else if (*p < s) {
+                                r.e = (unsigned char) (*p < 256 ? 16 : 15);     /* 256 is EOB code */
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index 8677a03..ca0a458 100755
+--- a/testsuite/unzip.tests
+++ b/testsuite/unzip.tests
+@@ -7,7 +7,7 @@
+ 
+ . ./testing.sh
+ 
+-# testing "test name" "options" "expected result" "file input" "stdin"
+# testing "test name" "commands" "expected result" "file input" "stdin"
+ #   file input will be file called "input"
+ #   test can create a file "actual" instead of writing to stdout
+ 
+@@ -30,6 +30,27 @@ testing "unzip (subdir only)" "unzip -q foo.zip foo/ && test -d foo && test ! -f
+ rmdir foo
+ rm foo.zip
+ 
+# File containing some damaged encrypted stream
+testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+"Archive:  bad.zip
+  inflating: ]3j½r«IK-%Ix
+unzip: inflate error
+1
+" \
+"" "\
+begin-base64 644 bad.zip
+UEsDBBQAAgkIAAAAIQA5AAAANwAAADwAAAAQAAcAXTNqwr1ywqtJGxJLLSVJ
+eCkBD0AdKBk8JzQsIj01JC0/ORJQSwMEFAECCAAAAAAhADoAAAAPAAAANgAA
+AAwAAQASw73Ct1DCokohPXQiNjoUNTUiHRwgLT4WHlBLAQIQABQAAggIAAAA
+oQA5AAAANwAAADwAAAAQQAcADAAAACwAMgCAAAAAAABdM2rCvXLCq0kbEkst
+JUl4KQEPQB0oGSY4Cz4QNgEnJSYIPVBLAQIAABQAAggAAAAAIQAqAAAADwAA
+BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
+NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
+====
+"
+
+rm *
+
+ # Clean up scratch directory.
+ 
+ cd ..
+-- 
+2.6.2
diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb
index 7d2a7b203c..02e8a4959f 100644
--- a/meta/recipes-core/busybox/busybox_1.24.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -32,6 +32,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
           file://busybox-cross-menuconfig.patch \
           file://0001-Use-CC-when-linking-instead-of-LD-and-use-CFLAGS-and.patch \
           file://0002-Passthrough-r-to-linker.patch \
+           file://busybox-1.24.1-unzip.patch \
+           file://busybox-1.24.1-unzip-regression.patch \
           file://mount-via-label.cfg \
           file://sha1sum.cfg \
           file://sha256sum.cfg \
author	Andre McCurdy <armccurdy@gmail.com>	2015-12-02 10:41:46 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-12-08 10:20:49 +0000
commit	2739ed08a8455aa0152747eab281253e5d7fa02f (patch)
tree	53231c50de7b43c85ae9af19de217bb26bd0ddb2 /meta
parent	6decbbb155c162517c0ee22bb7e184a3a5adcccc (diff)
download	poky-2739ed08a8455aa0152747eab281253e5d7fa02f.tar.gz

diff --git a/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch new file mode 100644 index 0000000000..e3c502091f --- /dev/null +++ b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip-regression.patch
@@ -0,0 +1,143 @@
		1	Upstream-Status: Backport
		2
		3	http://busybox.net/downloads/fixes-1.24.1/
		4	http://git.busybox.net/busybox/commit/?id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c
		5	http://git.busybox.net/busybox/commit/?h=1_24_stable&id=092fabcf1df5d46cd22be4ffcd3b871f6180eb9c
		6
		7	Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
		8
		9	From 092fabcf1df5d46cd22be4ffcd3b871f6180eb9c Mon Sep 17 00:00:00 2001
		10	From: Denys Vlasenko <vda.linux@googlemail.com>
		11	Date: Fri, 30 Oct 2015 23:41:53 +0100
		12	Subject: [PATCH] [g]unzip: fix recent breakage.
		13
		14	Also, do emit error message we so painstakingly pass from gzip internals
		15
		16	Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
		17	(cherry picked from commit 6bd3fff51aa74e2ee2d87887b12182a3b09792ef)
		18	Signed-off-by: Mike Frysinger <vapier@gentoo.org>
		19	---
		20	archival/libarchive/decompress_gunzip.c \| 33 +++++++++++++++++++++------------
		21	testsuite/unzip.tests \| 1 +
		22	2 files changed, 22 insertions(+), 12 deletions(-)
		23
		24	diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
		25	index c76fd31..357c9bf 100644
		26	--- a/archival/libarchive/decompress_gunzip.c
		27	+++ b/archival/libarchive/decompress_gunzip.c
		28	@@ -309,8 +309,7 @@ static int huft_build(const unsigned *b, const unsigned n,
		29	huft_t q; / points to current table */
		30	huft_t r; /* table entry for structure assignment */
		31	huft_t u[BMAX]; / table stack */
		32	- unsigned v[N_MAX]; /* values in order of bit length */
		33	- unsigned v_end;
		34	+ unsigned v[N_MAX + 1]; /* values in order of bit length. last v[] is never used */
		35	int ws[BMAX + 1]; /* bits decoded stack */
		36	int w; /* bits decoded */
		37	unsigned x[BMAX + 1]; /* bit offsets, then code stack */
		38	@@ -365,15 +364,17 @@ static int huft_build(const unsigned *b, const unsigned n,
		39	*xp++ = j;
		40	}
		41
		42	- /* Make a table of values in order of bit lengths */
		43	+ /* Make a table of values in order of bit lengths.
		44	+ * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
		45	+ * In particular, last v[i] is never filled and must not be accessed.
		46	+ */
		47	+ memset(v, 0xff, sizeof(v));
		48	p = b;
		49	i = 0;
		50	- v_end = 0;
		51	do {
		52	j = *p++;
		53	if (j != 0) {
		54	v[x[j]++] = i;
		55	- v_end = x[j];
		56	}
		57	} while (++i < n);
		58
		59	@@ -435,7 +436,9 @@ static int huft_build(const unsigned *b, const unsigned n,
		60
		61	/* set up table entry in r */
		62	r.b = (unsigned char) (k - w);
		63	- if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
		64	+ if (/p >= v + n \|\| -- redundant, caught by the second check: /
		65	+ p == UINT_MAX / do we access uninited v[i]? (see memset(v))*/
		66	+ ) {
		67	r.e = 99; /* out of values--invalid code */
		68	} else if (*p < s) {
		69	r.e = (unsigned char) (p < 256 ? 16 : 15); / 256 is EOB code */
		70	@@ -520,8 +523,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
		71	e = t->e;
		72	if (e > 16)
		73	do {
		74	- if (e == 99)
		75	- abort_unzip(PASS_STATE_ONLY);;
		76	+ if (e == 99) {
		77	+ abort_unzip(PASS_STATE_ONLY);
		78	+ }
		79	bb >>= t->b;
		80	k -= t->b;
		81	e -= 16;
		82	@@ -557,8 +561,9 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
		83	e = t->e;
		84	if (e > 16)
		85	do {
		86	- if (e == 99)
		87	+ if (e == 99) {
		88	abort_unzip(PASS_STATE_ONLY);
		89	+ }
		90	bb >>= t->b;
		91	k -= t->b;
		92	e -= 16;
		93	@@ -824,8 +829,9 @@ static int inflate_block(STATE_PARAM smallint *e)
		94
		95	b_dynamic >>= 4;
		96	k_dynamic -= 4;
		97	- if (nl > 286 \|\| nd > 30)
		98	+ if (nl > 286 \|\| nd > 30) {
		99	abort_unzip(PASS_STATE_ONLY); /* bad lengths */
		100	+ }
		101
		102	/* read in bit-length-code lengths */
		103	for (j = 0; j < nb; j++) {
		104	@@ -906,12 +912,14 @@ static int inflate_block(STATE_PARAM smallint *e)
		105	bl = lbits;
		106
		107	i = huft_build(ll, nl, 257, cplens, cplext, &inflate_codes_tl, &bl);
		108	- if (i != 0)
		109	+ if (i != 0) {
		110	abort_unzip(PASS_STATE_ONLY);
		111	+ }
		112	bd = dbits;
		113	i = huft_build(ll + nl, nd, 0, cpdist, cpdext, &inflate_codes_td, &bd);
		114	- if (i != 0)
		115	+ if (i != 0) {
		116	abort_unzip(PASS_STATE_ONLY);
		117	+ }
		118
		119	/* set up data for inflate_codes() */
		120	inflate_codes_setup(PASS_STATE bl, bd);
		121	@@ -999,6 +1007,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
		122	error_msg = "corrupted data";
		123	if (setjmp(error_jmp)) {
		124	/* Error from deep inside zip machinery */
		125	+ bb_error_msg(error_msg);
		126	n = -1;
		127	goto ret;
		128	}
		129	diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
		130	index ca0a458..d8738a3 100755
		131	--- a/testsuite/unzip.tests
		132	+++ b/testsuite/unzip.tests
		133	@@ -34,6 +34,7 @@ rm foo.zip
		134	testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
		135	"Archive: bad.zip
		136	inflating: ]3j½r«IK-%Ix
		137	+unzip: corrupted data
		138	unzip: inflate error
		139	1
		140	" \
		141	--
		142	2.6.2
		143


diff --git a/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch new file mode 100644 index 0000000000..718672695c --- /dev/null +++ b/meta/recipes-core/busybox/busybox/busybox-1.24.1-unzip.patch
@@ -0,0 +1,118 @@
		1	Upstream-Status: Backport
		2
		3	http://busybox.net/downloads/fixes-1.24.1/
		4	http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
		5	http://git.busybox.net/busybox/commit/?h=1_24_stable&id=6767af17f11144c7cd3cfe9ef799d7f89a78fe65
		6
		7	Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
		8
		9	From 1de25a6e87e0e627aa34298105a3d17c60a1f44e Mon Sep 17 00:00:00 2001
		10	From: Denys Vlasenko <vda.linux@googlemail.com>
		11	Date: Mon, 26 Oct 2015 19:33:05 +0100
		12	Subject: [PATCH] unzip: test for bad archive SEGVing
		13
		14	function old new delta
		15	huft_build 1296 1300 +4
		16
		17	Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
		18	---
		19	archival/libarchive/decompress_gunzip.c \| 11 +++++++----
		20	testsuite/unzip.tests \| 23 ++++++++++++++++++++++-
		21	2 files changed, 29 insertions(+), 5 deletions(-)
		22
		23	diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
		24	index 7b6f459..30bf451 100644
		25	--- a/archival/libarchive/decompress_gunzip.c
		26	+++ b/archival/libarchive/decompress_gunzip.c
		27	@@ -305,11 +305,12 @@ static int huft_build(const unsigned *b, const unsigned n,
		28	unsigned i; /* counter, current code */
		29	unsigned j; /* counter */
		30	int k; /* number of bits in current code */
		31	- unsigned p; / pointer into c[], b[], or v[] */
		32	+ const unsigned p; / pointer into c[], b[], or v[] */
		33	huft_t q; / points to current table */
		34	huft_t r; /* table entry for structure assignment */
		35	huft_t u[BMAX]; / table stack */
		36	unsigned v[N_MAX]; /* values in order of bit length */
		37	+ unsigned v_end;
		38	int ws[BMAX + 1]; /* bits decoded stack */
		39	int w; /* bits decoded */
		40	unsigned x[BMAX + 1]; /* bit offsets, then code stack */
		41	@@ -324,7 +325,7 @@ static int huft_build(const unsigned *b, const unsigned n,
		42
		43	/* Generate counts for each bit length */
		44	memset(c, 0, sizeof(c));
		45	- p = (unsigned ) b; / cast allows us to reuse p for pointing to b */
		46	+ p = b;
		47	i = n;
		48	do {
		49	c[p]++; / assume all entries <= BMAX */
		50	@@ -365,12 +366,14 @@ static int huft_build(const unsigned *b, const unsigned n,
		51	}
		52
		53	/* Make a table of values in order of bit lengths */
		54	- p = (unsigned *) b;
		55	+ p = b;
		56	i = 0;
		57	+ v_end = 0;
		58	do {
		59	j = *p++;
		60	if (j != 0) {
		61	v[x[j]++] = i;
		62	+ v_end = x[j];
		63	}
		64	} while (++i < n);
		65
		66	@@ -432,7 +435,7 @@ static int huft_build(const unsigned *b, const unsigned n,
		67
		68	/* set up table entry in r */
		69	r.b = (unsigned char) (k - w);
		70	- if (p >= v + n) {
		71	+ if (p >= v + v_end) { // Was "if (p >= v + n)" but v[] can be shorter!
		72	r.e = 99; /* out of values--invalid code */
		73	} else if (*p < s) {
		74	r.e = (unsigned char) (p < 256 ? 16 : 15); / 256 is EOB code */
		75	diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
		76	index 8677a03..ca0a458 100755
		77	--- a/testsuite/unzip.tests
		78	+++ b/testsuite/unzip.tests
		79	@@ -7,7 +7,7 @@
		80
		81	. ./testing.sh
		82
		83	-# testing "test name" "options" "expected result" "file input" "stdin"
		84	+# testing "test name" "commands" "expected result" "file input" "stdin"
		85	# file input will be file called "input"
		86	# test can create a file "actual" instead of writing to stdout
		87
		88	@@ -30,6 +30,27 @@ testing "unzip (subdir only)" "unzip -q foo.zip foo/ && test -d foo && test ! -f
		89	rmdir foo
		90	rm foo.zip
		91
		92	+# File containing some damaged encrypted stream
		93	+testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
		94	+"Archive: bad.zip
		95	+ inflating: ]3j½r«IK-%Ix
		96	+unzip: inflate error
		97	+1
		98	+" \
		99	+"" "\
		100	+begin-base64 644 bad.zip
		101	+UEsDBBQAAgkIAAAAIQA5AAAANwAAADwAAAAQAAcAXTNqwr1ywqtJGxJLLSVJ
		102	+eCkBD0AdKBk8JzQsIj01JC0/ORJQSwMEFAECCAAAAAAhADoAAAAPAAAANgAA
		103	+AAwAAQASw73Ct1DCokohPXQiNjoUNTUiHRwgLT4WHlBLAQIQABQAAggIAAAA
		104	+oQA5AAAANwAAADwAAAAQQAcADAAAACwAMgCAAAAAAABdM2rCvXLCq0kbEkst
		105	+JUl4KQEPQB0oGSY4Cz4QNgEnJSYIPVBLAQIAABQAAggAAAAAIQAqAAAADwAA
		106	+BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
		107	+NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
		108	+====
		109	+"
		110	+
		111	+rm *
		112	+
		113	# Clean up scratch directory.
		114
		115	cd ..
		116	--
		117	2.6.2
		118


diff --git a/meta/recipes-core/busybox/busybox_1.24.1.bb b/meta/recipes-core/busybox/busybox_1.24.1.bb index 7d2a7b203c..02e8a4959f 100644 --- a/meta/recipes-core/busybox/busybox_1.24.1.bb +++ b/meta/recipes-core/busybox/busybox_1.24.1.bb
@@ -32,6 +32,8 @@ SRC_URI = "http://www.busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
32	file://busybox-cross-menuconfig.patch \	32	file://busybox-cross-menuconfig.patch \
33	file://0001-Use-CC-when-linking-instead-of-LD-and-use-CFLAGS-and.patch \	33	file://0001-Use-CC-when-linking-instead-of-LD-and-use-CFLAGS-and.patch \
34	file://0002-Passthrough-r-to-linker.patch \	34	file://0002-Passthrough-r-to-linker.patch \
		35	file://busybox-1.24.1-unzip.patch \
		36	file://busybox-1.24.1-unzip-regression.patch \
35	file://mount-via-label.cfg \	37	file://mount-via-label.cfg \
36	file://sha1sum.cfg \	38	file://sha1sum.cfg \
37	file://sha256sum.cfg \	39	file://sha256sum.cfg \