Skip to content

Commit

Permalink
Fix undefined behavior in package extraction code
Browse files Browse the repository at this point in the history
  • Loading branch information
castholm committed Nov 10, 2024
1 parent 6243adb commit 4732544
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/Package/Fetch.zig
Original file line number Diff line number Diff line change
Expand Up @@ -1730,7 +1730,7 @@ const HashedFile = struct {
fn stripRoot(fs_path: []const u8, root_dir: []const u8) []const u8 {
if (root_dir.len == 0 or fs_path.len <= root_dir.len) return fs_path;

if (std.mem.eql(u8, fs_path[0..root_dir.len], root_dir) and fs_path[root_dir.len] == fs.path.sep) {
if (std.mem.eql(u8, fs_path[0..root_dir.len], root_dir) and fs.path.isSep(fs_path[root_dir.len])) {
return fs_path[root_dir.len + 1 ..];
}

Expand Down Expand Up @@ -1845,8 +1845,8 @@ const FileHeader = struct {
}

pub fn isExecutable(self: *FileHeader) bool {
return std.mem.eql(u8, self.header[0..shebang.len], shebang) or
std.mem.eql(u8, self.header[0..elf_magic.len], elf_magic);
return std.mem.eql(u8, self.header[0..@min(self.bytes_read, shebang.len)], shebang) or
std.mem.eql(u8, self.header[0..@min(self.bytes_read, elf_magic.len)], elf_magic);
}
};

Expand Down Expand Up @@ -2128,7 +2128,7 @@ test "tarball with duplicate paths" {

try fb.expectFetchErrors(1,
\\error: unable to unpack tarball
\\ note: unable to create file 'duplicate_paths/dir1/file1': PathAlreadyExists
\\ note: unable to create file 'dir1/file1': PathAlreadyExists
\\
);
}
Expand Down

0 comments on commit 4732544

Please sign in to comment.