Submitted By: Bruce Dubbs Date: 2020-05-12 Initial Package Version: 16.02 Upstream Status: Unknown. Origin: Arch and Fedora Description: Updates for CVE-2016-9296, CVE-2017-17969, CVE-2018-5996, CVE-2018-10115 and GCC10. diff -Naur p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp --- p7zip_16.02.orig/CPP/7zip/Archive/7z/7zIn.cpp 2016-05-20 03:20:03.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Archive/7z/7zIn.cpp 2020-05-12 15:34:34.513287566 -0500 @@ -1097,7 +1097,8 @@ if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) ThrowIncorrect(); } - HeadersSize += folders.PackPositions[folders.NumPackStreams]; + if (folders.PackPositions) + HeadersSize += folders.PackPositions[folders.NumPackStreams]; return S_OK; } diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp --- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.cpp 2015-09-01 13:04:52.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.cpp 2020-05-12 15:35:00.897548643 -0500 @@ -29,7 +29,7 @@ }; */ -CDecoder::CDecoder(): m_IsSolid(false) { } +CDecoder::CDecoder(): _isSolid(false), _solidAllowed(false), _errorMode(false) { } void CDecoder::InitStructures() { @@ -345,7 +345,7 @@ void CDecoder::InitData() { - if (!m_IsSolid) + if (!_isSolid) { AvrPlcB = AvrLn1 = AvrLn2 = AvrLn3 = NumHuf = Buf60 = 0; AvrPlc = 0x3500; @@ -391,6 +391,11 @@ if (inSize == NULL || outSize == NULL) return E_INVALIDARG; + if (_isSolid && !_solidAllowed) + return S_FALSE; + + _solidAllowed = false; + if (!m_OutWindowStream.Create(kHistorySize)) return E_OUTOFMEMORY; if (!m_InBitStream.Create(1 << 20)) @@ -398,17 +403,22 @@ m_UnpackSize = (Int64)*outSize; m_OutWindowStream.SetStream(outStream); - m_OutWindowStream.Init(m_IsSolid); + m_OutWindowStream.Init(_isSolid); m_InBitStream.SetStream(inStream); m_InBitStream.Init(); // CCoderReleaser coderReleaser(this); InitData(); - if (!m_IsSolid) + if (!_isSolid) { + _errorMode = false; InitStructures(); InitHuff(); } + + if (_errorMode) + return S_FALSE; + if (m_UnpackSize > 0) { GetFlagsBuf(); @@ -470,6 +480,7 @@ } if (m_UnpackSize < 0) return S_FALSE; + _solidAllowed = true; return m_OutWindowStream.Flush(); } @@ -477,16 +488,16 @@ const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) { try { return CodeReal(inStream, outStream, inSize, outSize, progress); } - catch(const CInBufferException &e) { return e.ErrorCode; } - catch(const CLzOutWindowException &e) { return e.ErrorCode; } - catch(...) { return S_FALSE; } + catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } + catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } + catch(...) { _errorMode = true; return S_FALSE; } } STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) { if (size < 1) return E_INVALIDARG; - m_IsSolid = ((data[0] & 1) != 0); + _isSolid = ((data[0] & 1) != 0); return S_OK; } diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h --- p7zip_16.02.orig/CPP/7zip/Compress/Rar1Decoder.h 2014-12-21 06:44:00.000000000 -0600 +++ p7zip_16.02/CPP/7zip/Compress/Rar1Decoder.h 2020-05-12 15:35:00.897548643 -0500 @@ -38,7 +38,9 @@ UInt32 LastLength; Int64 m_UnpackSize; - bool m_IsSolid; + bool _isSolid; + bool _solidAllowed; + bool _errorMode; UInt32 ReadBits(int numBits); HRESULT CopyBlock(UInt32 distance, UInt32 len); diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp --- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.cpp 2015-10-03 03:49:14.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.cpp 2020-05-12 15:35:00.897548643 -0500 @@ -80,7 +80,9 @@ static const UInt32 kWindowReservSize = (1 << 22) + 256; CDecoder::CDecoder(): - m_IsSolid(false) + _isSolid(false), + _solidAllowed(false), + m_TablesOK(false) { } @@ -100,6 +102,8 @@ bool CDecoder::ReadTables(void) { + m_TablesOK = false; + Byte levelLevels[kLevelTableSize]; Byte newLevels[kMaxTableSize]; m_AudioMode = (ReadBits(1) == 1); @@ -170,6 +174,8 @@ } memcpy(m_LastLevels, newLevels, kMaxTableSize); + m_TablesOK = true; + return true; } @@ -315,6 +321,10 @@ if (inSize == NULL || outSize == NULL) return E_INVALIDARG; + if (_isSolid && !_solidAllowed) + return S_FALSE; + _solidAllowed = false; + if (!m_OutWindowStream.Create(kHistorySize)) return E_OUTOFMEMORY; if (!m_InBitStream.Create(1 << 20)) @@ -325,12 +335,12 @@ UInt64 pos = 0, unPackSize = *outSize; m_OutWindowStream.SetStream(outStream); - m_OutWindowStream.Init(m_IsSolid); + m_OutWindowStream.Init(_isSolid); m_InBitStream.SetStream(inStream); m_InBitStream.Init(); // CCoderReleaser coderReleaser(this); - if (!m_IsSolid) + if (!_isSolid) { InitStructures(); if (unPackSize == 0) @@ -338,12 +348,16 @@ if (m_InBitStream.GetProcessedSize() + 2 <= m_PackSize) // test it: probably incorrect; if (!ReadTables()) return S_FALSE; + _solidAllowed = true; return S_OK; } if (!ReadTables()) return S_FALSE; } + if (!m_TablesOK) + return S_FALSE; + UInt64 startPos = m_OutWindowStream.GetProcessedSize(); while (pos < unPackSize) { @@ -378,6 +392,9 @@ if (!ReadLastTables()) return S_FALSE; + + _solidAllowed = true; + return m_OutWindowStream.Flush(); } @@ -394,7 +411,7 @@ { if (size < 1) return E_INVALIDARG; - m_IsSolid = ((data[0] & 1) != 0); + _isSolid = ((data[0] & 1) != 0); return S_OK; } diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h --- p7zip_16.02.orig/CPP/7zip/Compress/Rar2Decoder.h 2015-06-19 05:52:06.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Compress/Rar2Decoder.h 2020-05-12 15:35:00.898548653 -0500 @@ -138,7 +138,9 @@ Byte m_LastLevels[kMaxTableSize]; UInt64 m_PackSize; - bool m_IsSolid; + bool _isSolid; + bool _solidAllowed; + bool m_TablesOK; void InitStructures(); UInt32 ReadBits(unsigned numBits); diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp --- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.cpp 2016-05-20 03:20:03.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.cpp 2020-05-12 15:35:00.898548653 -0500 @@ -92,7 +92,9 @@ _writtenFileSize(0), _vmData(0), _vmCode(0), - m_IsSolid(false) + _isSolid(false), + _solidAllowed(false), + _errorMode(false) { Ppmd7_Construct(&_ppmd); } @@ -545,6 +547,9 @@ return InitPPM(); } + TablesRead = false; + TablesOK = false; + _lzMode = true; PrevAlignBits = 0; PrevAlignCount = 0; @@ -606,6 +611,9 @@ } } } + if (InputEofError()) + return S_FALSE; + TablesRead = true; // original code has check here: @@ -623,6 +631,9 @@ RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); memcpy(m_LastLevels, newLevels, kTablesSizesSum); + + TablesOK = true; + return S_OK; } @@ -811,7 +822,7 @@ { _writtenFileSize = 0; _unsupportedFilter = false; - if (!m_IsSolid) + if (!_isSolid) { _lzSize = 0; _winPos = 0; @@ -824,13 +835,21 @@ PpmEscChar = 2; PpmError = true; InitFilters(); + _errorMode = false; } - if (!m_IsSolid || !TablesRead) + + if (_errorMode) + return S_FALSE; + + if (!_isSolid || !TablesRead) { bool keepDecompressing; RINOK(ReadTables(keepDecompressing)); if (!keepDecompressing) + { + _solidAllowed = true; return S_OK; + } } for (;;) @@ -838,6 +857,8 @@ bool keepDecompressing; if (_lzMode) { + if (!TablesOK) + return S_FALSE; RINOK(DecodeLZ(keepDecompressing)) } else @@ -853,6 +874,9 @@ if (!keepDecompressing) break; } + + _solidAllowed = true; + RINOK(WriteBuf()); UInt64 packSize = m_InBitStream.BitDecoder.GetProcessedSize(); RINOK(progress->SetRatioInfo(&packSize, &_writtenFileSize)); @@ -873,6 +897,10 @@ if (!inSize) return E_INVALIDARG; + if (_isSolid && !_solidAllowed) + return S_FALSE; + _solidAllowed = false; + if (!_vmData) { _vmData = (Byte *)::MidAlloc(kVmDataSizeMax + kVmCodeSizeMax); @@ -901,8 +929,8 @@ _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; return CodeReal(progress); } - catch(const CInBufferException &e) { return e.ErrorCode; } - catch(...) { return S_FALSE; } + catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } + catch(...) { _errorMode = true; return S_FALSE; } // CNewException is possible here. But probably CNewException is caused // by error in data stream. } @@ -911,7 +939,7 @@ { if (size < 1) return E_INVALIDARG; - m_IsSolid = ((data[0] & 1) != 0); + _isSolid = ((data[0] & 1) != 0); return S_OK; } diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h --- p7zip_16.02.orig/CPP/7zip/Compress/Rar3Decoder.h 2015-10-03 03:49:12.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Compress/Rar3Decoder.h 2020-05-12 15:35:00.898548653 -0500 @@ -191,7 +191,9 @@ CRecordVector _tempFilters; UInt32 _lastFilter; - bool m_IsSolid; + bool _isSolid; + bool _solidAllowed; + bool _errorMode; bool _lzMode; bool _unsupportedFilter; @@ -200,6 +202,7 @@ UInt32 PrevAlignCount; bool TablesRead; + bool TablesOK; CPpmd7 _ppmd; int PpmEscChar; diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar5Decoder.cpp p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.cpp --- p7zip_16.02.orig/CPP/7zip/Compress/Rar5Decoder.cpp 2016-05-20 03:20:04.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.cpp 2020-05-12 15:35:00.899548663 -0500 @@ -72,6 +72,7 @@ _writtenFileSize(0), _dictSizeLog(0), _isSolid(false), + _solidAllowed(false), _wasInit(false), _inputBuf(NULL) { @@ -801,7 +802,10 @@ */ if (res == S_OK) + { + _solidAllowed = true; res = res2; + } if (res == S_OK && _unpackSize_Defined && _writtenFileSize != _unpackSize) return S_FALSE; @@ -821,6 +825,10 @@ { try { + if (_isSolid && !_solidAllowed) + return S_FALSE; + _solidAllowed = false; + if (_dictSizeLog >= sizeof(size_t) * 8) return E_NOTIMPL; diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/Rar5Decoder.h p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.h --- p7zip_16.02.orig/CPP/7zip/Compress/Rar5Decoder.h 2015-09-01 13:04:50.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Compress/Rar5Decoder.h 2020-05-12 15:35:00.899548663 -0500 @@ -271,6 +271,7 @@ Byte _dictSizeLog; bool _tableWasFilled; bool _isSolid; + bool _solidAllowed; bool _wasInit; UInt32 _reps[kNumReps]; diff -Naur p7zip_16.02.orig/CPP/7zip/Compress/ShrinkDecoder.cpp p7zip_16.02/CPP/7zip/Compress/ShrinkDecoder.cpp --- p7zip_16.02.orig/CPP/7zip/Compress/ShrinkDecoder.cpp 2016-05-18 12:31:02.000000000 -0500 +++ p7zip_16.02/CPP/7zip/Compress/ShrinkDecoder.cpp 2020-05-12 15:34:45.120392530 -0500 @@ -121,7 +121,12 @@ { _stack[i++] = _suffixes[cur]; cur = _parents[cur]; + if (cur >= kNumItems || i >= kNumItems) + break; } + + if (cur >= kNumItems || i >= kNumItems) + break; _stack[i++] = (Byte)cur; lastChar2 = (Byte)cur; diff -Naur p7zip_16.02.orig/CPP/Windows/ErrorMsg.cpp p7zip_16.02/CPP/Windows/ErrorMsg.cpp --- p7zip_16.02.orig/CPP/Windows/ErrorMsg.cpp 2015-01-18 12:20:28.000000000 -0600 +++ p7zip_16.02/CPP/Windows/ErrorMsg.cpp 2020-05-12 15:37:52.688247586 -0500 @@ -14,15 +14,15 @@ AString msg; switch(errorCode) { - case ERROR_NO_MORE_FILES : txt = "No more files"; break ; - case E_NOTIMPL : txt = "E_NOTIMPL"; break ; - case E_NOINTERFACE : txt = "E_NOINTERFACE"; break ; - case E_ABORT : txt = "E_ABORT"; break ; - case E_FAIL : txt = "E_FAIL"; break ; - case STG_E_INVALIDFUNCTION : txt = "STG_E_INVALIDFUNCTION"; break ; - case E_OUTOFMEMORY : txt = "E_OUTOFMEMORY"; break ; - case E_INVALIDARG : txt = "E_INVALIDARG"; break ; - case ERROR_DIRECTORY : txt = "Error Directory"; break ; + case unsigned (ERROR_NO_MORE_FILES) : txt = "No more files"; break ; + case unsigned (E_NOTIMPL) : txt = "E_NOTIMPL"; break ; + case unsigned (E_NOINTERFACE) : txt = "E_NOINTERFACE"; break ; + case unsigned (E_ABORT) : txt = "E_ABORT"; break ; + case unsigned (E_FAIL) : txt = "E_FAIL"; break ; + case unsigned (STG_E_INVALIDFUNCTION) : txt = "STG_E_INVALIDFUNCTION"; break ; + case unsigned (E_OUTOFMEMORY) : txt = "E_OUTOFMEMORY"; break ; + case unsigned (E_INVALIDARG) : txt = "E_INVALIDARG"; break ; + case ERROR_DIRECTORY : txt = "Error Directory"; break ; default: txt = strerror(errorCode); }