wiimms-szs-tools
wiimms-szs-tools copied to clipboard
Add note that this is unsafe to run on untrusted files.
After running wszst (de)compress
through a fuzzer for a little while, it became obvious that SIGSEGV crashes are quite evident. I can send you the crashing files if you want, but seeing that this is a big ball of C code I don't believe it should be trusted to accept untrusted files.
My motivation for this is that I was going to run this on a server for uploading track files, and using wszst sha1
to grab the hash of a track, but after testing I found that this was a big security risk and instead opted to use my rust rewrite of wbz decompression to decompress and calculate the hash.