Differential D20260

Fix crash in KArchive::findOrCreate with broken files
ClosedPublic
Actions

Authored by aacid on Apr 5 2019, 10:05 AM.

Details

Reviewers
dfaure
Commits
R243:ad3cf347e44a: Fix crash in KArchive::findOrCreate with broken files
Summary

In some occassions KArchive::findOrCreate calls itself to find the parent KArchiveDirectory

Since KArchive::findOrCreate can return null we have to take into account parent can be null.

Test Plan

Crashy .zip doesn't crash anymore

Diff Detail

Repository
R243 KArchive
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
aacid created this revision.Apr 5 2019, 10:05 AM
Restricted Application added a project: Frameworks. · View Herald TranscriptApr 5 2019, 10:05 AM
Restricted Application added a subscriber: kde-frameworks-devel. · View Herald Transcript
aacid requested review of this revision.Apr 5 2019, 10:05 AM
aacid added a subscriber: dfaure.Apr 5 2019, 10:05 AM
apol added a subscriber: apol.Apr 5 2019, 11:04 AM

Looks good, would it be possible to get a test case?

aacid added a comment.Apr 6 2019, 2:57 PM
In D20260#443721, @apol wrote:

Looks good, would it be possible to get a test case?

Do we want a lot of crashy/broken files on the source code repo? Honestly i'm not sure it's worth it given that oss-fuzz will just make sure we don't regress.

dfaure accepted this revision.Apr 6 2019, 3:04 PM

OK, fair point. Assuming someone keeps running oss-fuzz regularly :-)

This revision is now accepted and ready to land.Apr 6 2019, 3:04 PM
Closed by commit R243:ad3cf347e44a: Fix crash in KArchive::findOrCreate with broken files (authored by aacid). · Explain WhyApr 6 2019, 3:24 PM
This revision was automatically updated to reflect the committed changes.
aacid added a comment.Apr 6 2019, 3:27 PM
In D20260#444580, @dfaure wrote:

OK, fair point. Assuming someone keeps running oss-fuzz regularly :-)

oss-fuzz runs automatically daily (or twice daily not sure). "Public" (i.e. discovered and more than 90 days ago) can be seen at https://bugs.chromium.org/p/oss-fuzz/issues/list?q=kimageformats (there's none so old, oldest unfixed is 2019-01-29).

If anyone wants to see the "quarentined" (i.e. not so old bugs) please contact the KDE security team and let's discuss it.

Revision Contents
Changeset List

PathPackages
Msrc/karchive.cpp (4 lines)

Diff 55573

View Options

src/karchive.cpp

Loading...