Disallow empty string as argument for --output-dir-flat and --output-dir-mirror #3220
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
embg
changed the title
Contributor
|
Please add a test case to the cli-tests https://github.com/facebook/zstd/tree/dev/tests/cli-tests/basic |
Contributor
|
LGTM once you have a test case |
embg
changed the title
Contributor
Author
Added a test and disallowed empty string as an argument for |
terrelln
approved these changes
Aug 1, 2022
Merged
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this pull request
Nov 4, 2024
Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 (From OE-Core rev: 2573beba23b0b7250e7280002029f6c34f6bd100) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this pull request
Nov 5, 2024
Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 (From OE-Core rev: 2573beba23b0b7250e7280002029f6c34f6bd100) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this pull request
Nov 6, 2024
Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 (From OE-Core rev: eb9c9818088105f9bf20b7fdc04a380ce488a5e6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this pull request
Nov 6, 2024
Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 (From OE-Core rev: eb9c9818088105f9bf20b7fdc04a380ce488a5e6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this pull request
Nov 7, 2024
Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 (From OE-Core rev: eb9c9818088105f9bf20b7fdc04a380ce488a5e6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this pull request
Nov 8, 2024
Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 (From OE-Core rev: eb9c9818088105f9bf20b7fdc04a380ce488a5e6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
halstead
pushed a commit
to openembedded/openembedded-core
that referenced
this pull request
Nov 11, 2024
Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
halstead
pushed a commit
to yoctoproject/poky
that referenced
this pull request
Nov 11, 2024
Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 (From OE-Core rev: eb9c9818088105f9bf20b7fdc04a380ce488a5e6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
jpuhlman
pushed a commit
to MontaVista-OpenSourceTechnology/poky
that referenced
this pull request
Nov 12, 2024
Source: poky MR: 170427 Type: Integration Disposition: Merged from poky ChangeID: 2496178 Description: Pick commits from [1] linked from [2] via [3]. [1] facebook/zstd#3220 [2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899 [3] facebook/zstd#3200 (From OE-Core rev: eb9c9818088105f9bf20b7fdc04a380ce488a5e6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> Signed-off-by: Jeremy A. Puhlman <[email protected]>
cd-fge
added a commit
to cd-fge/advisory-database
that referenced
this pull request
Nov 7, 2025
The referenced vulnerability affects the zstd command line tool only. The fix in zstd touches files in programs/, none in lib/: facebook/zstd#3220
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
dir1 == ""(fixes Buffer overrun can happen in util.c #3200 (comment))Edit: commit e1873ad fixes the buffer underflow, but I realized there is a deeper issue here. The current behavior for
--output-dir-flat=""and--output-dir-mirror=""maps"" -> "/". This is bad. Therefore, in f9f27de, I disallow empty string as an argument for those flags (and add a test verifying that behavior).