|
Hans,
Thanks for the quick reply.
Some of the problems depended on the file that was being unzipped, some occurred for all of the files. I ran your sample application in Boundschecker and I didn't get the same problems, but I did get these:
1) XZipTestDlg.cpp - Line 313 - Expression uses dangling pointer
CloseZip(hz);
It looks like CloseZip isn't needed, as there is another one on line 305. As a fix, it might be good to change the CloseZip Macro to set hz to zero, so it can't me misused after it's already closed?
2) XZip.cpp - Line 1894 - reading uninitialized memory
state.ds.prev_length = match_length, prev_match = state.ds.match_start;
The uninitialized memory is state.ds.match_start although
I'm not sure what the comma is doing after match_length
maybe is was meant to be a semi-colon ?!?
As a fix, maybe the TDeflateState constructor can initialize this variable - just to be on the safe side (my personal preference is to trade tons of speed for any chance at avoiding a bug).
3) XZip.cpp - Line 1623 - reading uninitialized memory
register uch scan_end = scan[best_len];
I'm not sure if these problems are serious or not, but I would say I've dealt with "reading uninitialized memory" problems in the past and they are the hardest to debug . 99 times out of 100 the app will be okay, and then once in a long while it will act funny.
Warren
|
|
|
|
|
I doubt anyone ever reads this one anymore, but I'm looking for something like this that I can code cross-platform.
I know this won't work in Linux, as it XZip.cpp includes windows.h, but I'm trying to do a cross-platform app.
Any ideas for something that:
A) Is free to use
B) reads/writes ZIP or RAR files
C) Runs independent of any OS libraries
It also preferably:
D) Links statically
E) Zips/Unzips in memory
Cheers
Phaedrus
|
|
|
|
|
phaedrus wrote:
I know this won't work in Linux, as it XZip.cpp includes windows.h
Actually its use of windows stuff is minimal - some typedefs and some file i/o. It would not be that hard to port.
You might look at zlib - although I do not know if that is more portable.
Best wishes,
Hans
|
|
|
|
|
There is a buffer overflow vulnerability in ZipAdd function that could allow arbitrary code execution.
The overflow occurs when the second parameter is more than 520 characters.
Maybe vulnerable also others functions.
For example:
char overflow[550];
for (int i=0; i < 550; i++) overflow[i] = 'A';
HZIP hz = CreateZip("c:\\example.zip", 0, ZIP_FILENAME);
ZipAdd(hz, overflow , "c:\\source.exe", 0, ZIP_FILENAME);
May manifest itself as a vulnerability in applications that allows input from remote client.
|
|
|
|
|
The last 3 lines of the TUnzip::Open() function (in XUnzip.cpp) are:
uf = unzOpenInternal(f);
return ZR_OK;
}
The unzOpenInternal() function opens the specified ZIP file checks it's validity; as written, it returns a NULL value of there is a problem with the ZIP file:
if (err!=UNZ_OK) {lufclose(fin);return NULL;}
However, the Open() function ignores this return value and returns "all ok" regardless. If you attempt to open a file that is *not* a valid ZIP file, this creates a big problem if one uses the documented OpenZip() function (in the Code Project article:
HZIP hz = OpenZip(z,len,flags); //non-zero if zip archive opened ok, otherwise 0
if (hz) { <some code=""> }
To correct this problem I modified XUnzip.cpp as follows:
#pragma warning(disable : 4702) //(reference line to locate new code below)
ZRESULT zopenerror = ZR_OK; // NEW code
unzFile unzOpenInternal(LUFILE *fin) //(reference line to locate new code below)
{
zopenerror = ZR_OK; //NEW code
.
.
.
// if (err!=UNZ_OK) {lufclose(fin);return NULL;} //OLD code
if (err!=UNZ_OK) {lufclose(fin); zopenerror = err; return NULL;} //NEW code
.
.
.
}
ZRESULT TUnzip::Open(void *z,unsigned int len,DWORD flags) //(reference line to locate new code below)
{
.
.
.
// return ZR_OK; //OLD code
return zopenerror; //NEW code
}
I hope this is useful.
I've only had this a couple of days, and this is the only problem I've found. Otherwise it's great.
|
|
|
|
|
Is there a way to protect the archive by password during creation or later ?
Thanks a lot for reply.
|
|
|
|
|
Thanks a lot, your code was very helpful to me, although a simple wrapper-class would have been even nicer.
PS: "Look at the size of that thing!"
|
|
|
|
|
Is there/will be there any Progress Bar Support ?
|
|
|
|
|
Anyone fancy converting this into a .NET class library / assembly?
Don't worry, nobody lives forever.
|
|
|
|
|
|
I want a progress show during compression, how can I do? May be some function I don't know? Can I solve this question with "Createpipe",but how to do?
maybe someone tell me?
Thanks a lot in advance!
|
|
|
|
|
I really like this application/xzip/xunzip but I think it does not work on Linux. Is there a similar program that does work on linux???
|
|
|
|
|
I know the GUI wont but will the Zip and Unzip functionality work in linux as only a console app? I will try this out tomorrow but if it doesnt I will stop.
Why cant people get along with penguins
|
|
|
|
|
Seems that I'm too stupid to figure it out myself...
How do I set the desired compression level?
Please help, it's kinda urgent...
|
|
|
|
|
The compression level (or ratio) is determined by the configuration_table, which you can see at line 365 of XZip.cpp:
const config configuration_table[10] = {
{0, 0, 0, 0},
{4, 4, 8, 4},
{4, 5, 16, 8},
{4, 6, 32, 32},
{4, 4, 16, 16},
{8, 16, 32, 32},
{8, 16, 128, 128},
{8, 32, 128, 256},
{32, 128, 258, 1024},
{32, 258, 258, 4096}};
There is some explanation of the four values at line 563:
unsigned max_chain_length;
unsigned int max_lazy_match;
unsigned good_match;
int nice_match;
At line 1533 you will find the function lm_init() :
void lm_init (TState &state, int pack_level, ush *flags)
and at line 1556 in lm_init() :
state.ds.max_lazy_match = configuration_table[pack_level].max_lazy;
state.ds.good_match = configuration_table[pack_level].good_length;
state.ds.nice_match = configuration_table[pack_level].nice_length;
state.ds.max_chain_length = configuration_table[pack_level].max_chain;
So your question is answered by finding what the value of pack_level is. At line 2551, we see that lm_init() gets called:
lm_init(state,state.level, &zfi->flg);
and previously state is set up at line 2542:
state.param=this; state.level=8; state.seekable=iseekable; state.err=NULL;
So the answer seems to be 8, the next-to-highest compression level. (There is no external way to change the value of 8, so you will have to implement your own function if you want to do this.) The code does not seem to want to accept level 9, since at line 1537 we see:
Assert(state,pack_level>=1 && pack_level<=8,"bad pack level");
If you do change the compression level, I strongly urge you to test it thoroughly. I have not done much testing in this area myself.
Best wishes,
Hans
|
|
|
|
|
Hey, great, I found the configuration_table myself, but I didn't expect that such an important value would be buried that deep in the code...
Be sure that it gets tested.... alot...
Thanks for your help...
So long
Tom
|
|
|
|
|
Great code.
Perhaps I've missed something but it appears that there is no way to add files to an existing zip, or is there? If not, that would be a great addition.
|
|
|
|
|
HI,
did you solve this problem? I am unable to do it, please let us know if you have succeeded in doing so.
Thanks in advance.
|
|
|
|
|
Hello!
It looks like you know what you are doing, so I want to ask you if you have any clue about how to create a program that compress and compound some files into one single .exe file like a single .exe file setup application?
/ Deeply impressed!
|
|
|
|
|
I have not tried this, but here is something: http://www.codeproject.com/file/self_extractor.asp
Best wishes,
Hans
|
|
|
|
|
That's easy, just store the size of the exe, add the compressed files to the end of the exe and as the last long write the start of the data.
|
|
|
|
|
Deeply,
You are asking about creating SelF-eXtracting executables (SFX). I have used this open-source MakeSFX program with great success. There is a GUI version and a command-line version. It shouldn't be hard to integrate the code into one's project.
|
|
|
|
|
Thank you guys!
That two links gave me what i wanted!
Big thanks!!!
|
|
|
|
|
This is great class, but will you implement feature to open password protected archive?
This will be great improvement.
You got my 5.
|
|
|
|
|
Vanja Bojic wrote:
will you implement feature to open password protected archive
Thank you for your interest. This is one of things I would like to do, too.
Best wishes,
Hans
|
|
|
|
|