diff options
author | NAKAMURA Usaku <usa@ruby-lang.org> | 2022-03-05 22:01:07 +0900 |
---|---|---|
committer | NAKAMURA Usaku <usa@ruby-lang.org> | 2022-03-05 22:01:07 +0900 |
commit | 83de7133876ec392eb4b3b69c2220d7b49685444 (patch) | |
tree | 52e271114fb22a023cec6210a49690501d352e57 /test | |
parent | f740ffb81f3ef11526add528583b0cbfce28af67 (diff) |
merge revision(s) c51b92c18deb850d2cea3a7c9020db23b364ab72: [Backport #18358]
[ruby/zlib] [Bug #18358] Fix crash in zlib when in progress
When Zlib::Inflate#inflate or Zlib::Deflate#deflate is called
recursively inside the block, a crash can occur because of an
use-after-free bug.
https://github.com/ruby/zlib/commit/50fb8a0338
---
ext/zlib/zlib.c | 117 ++++++++++++++++++++++++++++++++-----------------
test/zlib/test_zlib.rb | 10 ++++-
2 files changed, 85 insertions(+), 42 deletions(-)
Diffstat (limited to 'test')
-rw-r--r-- | test/zlib/test_zlib.rb | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/test/zlib/test_zlib.rb b/test/zlib/test_zlib.rb index e4baa44ecb..e2cb4e3755 100644 --- a/test/zlib/test_zlib.rb +++ b/test/zlib/test_zlib.rb @@ -476,27 +476,36 @@ if defined? Zlib end def test_recursive_deflate + original_gc_stress = GC.stress + GC.stress = true zd = Zlib::Deflate.new + s = SecureRandom.random_bytes(1024**2) - assert_raise(Zlib::BufError) do + assert_raise(Zlib::InProgressError) do zd.deflate(s) do zd.deflate(s) end end ensure + GC.stress = original_gc_stress zd&.finish zd&.close end def test_recursive_inflate + original_gc_stress = GC.stress + GC.stress = true zi = Zlib::Inflate.new + s = Zlib.deflate(SecureRandom.random_bytes(1024**2)) - assert_raise(Zlib::DataError) do + + assert_raise(Zlib::InProgressError) do zi.inflate(s) do zi.inflate(s) end end ensure + GC.stress = original_gc_stress zi&.close end end |