mirrors/zint
2
0
Fork 0
mirror of https://github.com/zint/zint synced 2024-11-16 20:57:25 +13:00
Code Issues Actions Packages Projects Releases Wiki Activity

#181 OSS-Fuzz DOTCODE fix, check length before accessing in binary()

Browse Source
This commit is contained in:
gitlost 2020-03-25 22:31:59 +00:00
parent 54bd024266
commit bee8794cda
3 changed files with 87 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
backend/dotcode.c
View File

@ -104,7 +104,7 @@ static int clr_row(char *Dots, const int Hgt, const int Wid, const int y) {
}
/* Dot pattern scoring routine from Annex A */
static const int score_array(char Dots[], int Hgt, int Wid) {
static int score_array(char Dots[], int Hgt, int Wid) {
int x, y, worstedge, first, last, sum;
int penalty_local = 0;
int penalty = 0;
@ -441,10 +441,10 @@ static int ahead_b(const unsigned char source[], int position, int length) {
}
/* checks if the next character is in the range 128 to 255 (Annex F.II.I) */
static int binary(const unsigned char source[], int position) {
static int binary(const unsigned char source[], int length, int position) {
int retval = 0;
if (source[position] >= 128) {
if (position < length && source[position] >= 128) {
retval = 1;
}
@ -669,7 +669,7 @@ static int dotcode_encode_message(struct zint_symbol *symbol, const unsigned cha
/* Step B3 */
if ((!done) && (encoding_mode == 'C')) {
if (binary(source, input_position)) {
if (binary(source, length, input_position)) {
if (n_digits(source, input_position + 1, length) > 0) {
if ((source[input_position] - 128) < 32) {
codeword_array[array_length] = 110; // Bin Shift A
@ -805,7 +805,7 @@ static int dotcode_encode_message(struct zint_symbol *symbol, const unsigned cha
/* Step C3 */
if ((!done) && (encoding_mode == 'B')) {
if (binary(source, input_position)) {
if (binary(source, length, input_position)) {
if (datum_b(source, input_position + 1, length)) {
if ((source[input_position] - 128) < 32) {
codeword_array[array_length] = 110; // Bin Shift A
@ -907,7 +907,7 @@ static int dotcode_encode_message(struct zint_symbol *symbol, const unsigned cha
/* Step D3 */
if ((!done) && (encoding_mode == 'A')) {
if (binary(source, input_position)) {
if (binary(source, length, input_position)) {
if (datum_a(source, input_position + 1, length)) {
if ((source[input_position] - 128) < 32) {
codeword_array[array_length] = 110; // Bin Shift A
@ -1000,10 +1000,10 @@ static int dotcode_encode_message(struct zint_symbol *symbol, const unsigned cha
* base 103 into five base 259 values..."
*/
if ((!done) && (encoding_mode == 'X')) {
if (binary(source, input_position)
|| binary(source, input_position + 1)
|| binary(source, input_position + 2)
|| binary(source, input_position + 3)) {
if (binary(source, length, input_position)
|| binary(source, length, input_position + 1)
|| binary(source, length, input_position + 2)
|| binary(source, length, input_position + 3)) {
binary_buffer *= 259;
binary_buffer += source[input_position];
binary_buffer_size++;
@ -1213,6 +1213,8 @@ static void apply_mask(int mask, int data_length, unsigned char *masked_codeword
int weight = 0;
int j;
(void)dot_stream; /* Not currently used */
switch (mask) {
case 0:
masked_codeword_array[0] = 0;

1
backend/tests/CMakeLists.txt
View File

@ -56,6 +56,7 @@ zint_add_test(codablock, test_codablock)
zint_add_test(common, test_common)
zint_add_test(composite, test_composite)
zint_add_test(dmatrix, test_dmatrix)
zint_add_test(dotcode, test_dotcode)
zint_add_test(eci, test_eci)
zint_add_test(gb18030, test_gb18030)
zint_add_test(gb2312, test_gb2312)

74
backend/tests/test_dotcode.c Normal file
View File

@ -0,0 +1,74 @@
/*
libzint - the open source barcode library
Copyright (C) 2008-2020 Robin Stuart <rstuart114@gmail.com>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the project nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
*/
/* vim: set ts=4 sw=4 et : */
#include "testcommon.h"
// #181 Christian Hartlage OSS-Fuzz
static void test_fuzz(void)
{
testStart("");
int ret;
struct item {
unsigned char* data;
int ret;
};
// s/\/\*[ 0-9]*\*\//\=printf("\/*%3d*\/", line(".") - line("'<"))
struct item data[] = {
/* 0*/ { "(\207'", 0 }, // 0x28,0x87,0x27 Note: should but doesn't trigger sanitize error if no length check, for some reason; TODO: determine why
};
int data_size = sizeof(data) / sizeof(struct item);
for (int i = 0; i < data_size; i++) {
struct zint_symbol* symbol = ZBarcode_Create();
assert_nonnull(symbol, "Symbol not created\n");
symbol->symbology = BARCODE_DOTCODE;
int length = strlen(data[i].data);
ret = ZBarcode_Encode(symbol, data[i].data, length);
assert_equal(ret, data[i].ret, "i:%d ZBarcode_Encode ret %d != %d (%s)\n", i, ret, data[i].ret, symbol->errtxt);
ZBarcode_Delete(symbol);
}
testFinish();
}
int main()
{
test_fuzz();
testReport();
return 0;
}