[Bug 9491] New: Infinite loop in unlzma

bugzilla at busybox.net bugzilla at busybox.net
Wed Dec 21 15:51:42 UTC 2016


https://bugs.busybox.net/show_bug.cgi?id=9491

            Bug ID: 9491
           Summary: Infinite loop in unlzma
           Product: Busybox
           Version: unspecified
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: akurland at digi.com
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

There are three "infinite loops" in unlzma:

https://git.busybox.net/busybox/tree/archival/libarchive/decompress_unlzma.c#n283
https://git.busybox.net/busybox/tree/archival/libarchive/decompress_unlzma.c#n341
https://git.busybox.net/busybox/tree/archival/libarchive/decompress_unlzma.c#n435

They're not *quite* infinite as pos will overflow at some point, but it seems
that a while-loop was not the intent. Looking at the code this was based on:

https://dev.openwrt.org/browser/trunk/target/linux/lantiq/image/lzma-loader/src/LzmaDecode.c?rev=36438#L304

It appears the intent was for an if-conditional. This issue was found by the
Coverity Scan static code analyzer.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
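
The difference between the loop form and the conditional form described in the report, as an added example (not part of the original report, and not BusyBox or OpenWrt source). It is a simplified model of a circular-dictionary index computation; the function names, parameter names other than pos, the sample values and the final range check in index_if are assumptions.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Loop form: for an out-of-range distance it exits only once the unsigned
 * pos wraps past 2^32. *iters counts the additions performed. */
static uint32_t index_while(uint32_t buffer_pos, uint32_t rep0,
                            uint32_t dict_size, uint32_t *iters)
{
    uint32_t pos = buffer_pos - rep0;   /* wraps when rep0 > buffer_pos */
    *iters = 0;
    while (pos >= dict_size) {          /* never exits if dict_size == 0 */
        pos += dict_size;
        (*iters)++;
    }
    return pos;
}

/* Conditional form: at most one correction, then an explicit range check
 * (the check is an assumption added for this example). Returns 0 on
 * success, -1 if the distance cannot point inside the dictionary. */
static int index_if(uint32_t buffer_pos, uint32_t rep0,
                    uint32_t dict_size, uint32_t *pos_out)
{
    uint32_t pos = buffer_pos - rep0;
    if (pos >= dict_size)
        pos += dict_size;
    if (pos >= dict_size)
        return -1;                      /* corrupt input: reject */
    *pos_out = pos;
    return 0;
}

int main(void)
{
    /* Constructed inputs: 4 KiB dictionary, write position 10. */
    uint32_t iters = 0, pos = 0;
    uint32_t p = index_while(10, 20, 4096, &iters);
    printf("while, distance 20:         pos=%" PRIu32 " passes=%" PRIu32 "\n", p, iters);
    p = index_while(10, 3000000000u, 4096, &iters);
    printf("while, distance 3000000000: pos=%" PRIu32 " passes=%" PRIu32 "\n", p, iters);
    int rc = index_if(10, 20, 4096, &pos);
    printf("if,    distance 20:         rc=%d pos=%" PRIu32 "\n", rc, pos);
    rc = index_if(10, 3000000000u, 4096, &pos);
    printf("if,    distance 3000000000: rc=%d\n", rc);
    return 0;
}
```

With a distance that fits the dictionary both forms make one correction and agree; with an oversized distance the loop form spins until pos wraps, and the pass count grows as the dictionary size shrinks.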

