diff --git a/src/gzip.cpp b/src/gzip.cpp index 3326f3c03..412cce2a1 100644 --- a/src/gzip.cpp +++ b/src/gzip.cpp @@ -112,13 +112,13 @@ namespace libtorrent { namespace { // returns -1 if gzip header is invalid or the header size in bytes - int gzip_header(span const buf) + int gzip_header(span const in) { // The zip header cannot be shorter than 10 bytes - if (buf.size() < 10) return -1; + if (in.size() < 10) return -1; span buffer( - reinterpret_cast(buf.data()), buf.size()); + reinterpret_cast(in.data()), in.size()); // gzip is defined in https://tools.ietf.org/html/rfc1952 @@ -150,22 +150,22 @@ namespace { if (flags & FNAME) { - if (buf.empty()) return -1; + if (buffer.empty()) return -1; while (buffer[0] != 0) { buffer = buffer.subspan(1); - if (buf.empty()) return -1; + if (buffer.empty()) return -1; } buffer = buffer.subspan(1); } if (flags & FCOMMENT) { - if (buf.empty()) return -1; + if (buffer.empty()) return -1; while (buffer[0] != 0) { buffer = buffer.subspan(1); - if (buf.empty()) return -1; + if (buffer.empty()) return -1; } buffer = buffer.subspan(1); } @@ -176,7 +176,7 @@ namespace { buffer = buffer.subspan(2); } - return static_cast(buf.size() - buffer.size()); + return static_cast(in.size() - buffer.size()); } } // anonymous namespace diff --git a/test/invalid1.gz b/test/invalid1.gz new file mode 100644 index 000000000..731ebd1d5 Binary files /dev/null and b/test/invalid1.gz differ diff --git a/test/test_gzip.cpp b/test/test_gzip.cpp index 7ed85ab95..a6935c27d 100644 --- a/test/test_gzip.cpp +++ b/test/test_gzip.cpp @@ -74,6 +74,22 @@ TORRENT_TEST(corrupt) TEST_CHECK(ec); } +TORRENT_TEST(invalid1) +{ + std::vector zipped; + error_code ec; + load_file(combine_path("..", "invalid1.gz"), zipped, ec, 1000000); + if (ec) std::printf("failed to open file: (%d) %s\n", ec.value() + , ec.message().c_str()); + TEST_CHECK(!ec); + + std::vector inflated; + inflate_gzip(zipped, inflated, 1000000, ec); + + // we expect this to fail + TEST_CHECK(ec); +} + TORRENT_TEST(empty) { std::vector empty;