zip icon indicating copy to clipboard operation
zip copied to clipboard
verified publisher icon kuba--

Added patches to zip.c to prevent OOM while fuzzing

Open capuanob opened this issue 10 months ago • 6 comments

Responding to https://github.com/kuba--/zip/pull/367#discussion_r1958774563

This PR adds a compiler definition specific to OSSFUZZ builds and bails prior to attempting to malloc beyond 1 gigabyte while fuzzing

capuanob avatar Feb 18 '25 00:02 capuanob

@kuba-- See a proposed fix to what we were discussing above

capuanob avatar Feb 18 '25 00:02 capuanob

I think the check is not where the real problem is. It happens IMO on zip_stream_open - when we open the compressed stream for reading (not a file). https://github.com/kuba--/zip/blob/master/fuzz/read_entry_fuzzer.c#L10

Moreover, we can add those checks/asserts inside fuzz package.

kuba-- avatar Feb 18 '25 11:02 kuba--

@kuba-- Updated to reflect your suggestions!

capuanob avatar Feb 23 '25 18:02 capuanob

Why fuzz_zip_validate_stream needs to be in the library? Cannot we put in some fuzz helpers? zip library should be pure. Some people just include those three files into their project and they do really care about fuzz stuff.

kuba-- avatar Feb 23 '25 21:02 kuba--

@kuba-- I wrapped it in an ifdef so that it will only be included if they explicitly build for fuzzing. Do you have a suggestion as to how to move it into a helper?

It depends upon a fully defined zip_t struct, which is currently defined in zip.c

capuanob avatar Feb 23 '25 21:02 capuanob

Can you take a look how fuzz was integrated into miniz (https://github.com/richgel999/miniz/tree/master). I think we should follow the same approach, because this library is based on miniz

kuba-- avatar Feb 24 '25 10:02 kuba--