Release Notes
This commit addresses several minor issues in main.c, including potential buffer overflows in getopt_long, input validation for iteration and thread counts, improved error handling during file reads, and a path traversal vulnerability. It also adds casts to avoid potential overflows or compiler warnings.
Bug Fixes
CLI
- Implemented input validation for iterations and num_threads arguments, ensuring they fall within acceptable ranges (1-10,000 and 0-1,024, respectively). Invalid values now result in an error message and program exit.
- Corrected a potential buffer overflow in
getopt_longby ensuring the lengths of option names match exactly during comparison. - Added a resolved_in_path buffer and uses
zxc_validate_input_pathto prevent path traversal vulnerabilities when opening input files. The unlink call now uses resolved_in_path. - Added a type cast to int to prevent a compiler warning when calculating the progress bar percentage.
- Updated file closing logic on Windows vs other platforms.
Unit tests
- Added error handling to test_global_checksum_order to verify successful file reads of compressed data and returns 0 upon read failure. Also returns early if the compressed size is too small to proceed with the test.
Impact
Full Changelog: v0.6.1...v0.6.2