bodgit / sevenzip

75%

main: 75%

LAST BUILD ON BRANCH fuzz

branch: fuzz

CHANGE BRANCH

x

Reset

• fuzz
• aes_protect
• arm64
• custom-decompressor
• dependabot/github_actions/actions/checkout-5.0.0
• dependabot/github_actions/actions/setup-go-5.2.0
• dependabot/github_actions/actions/setup-go-5.4.0
• dependabot/github_actions/actions/setup-go-5.5.0
• dependabot/github_actions/actions/upload-artifact-4.5.0
• dependabot/github_actions/actions/upload-artifact-4.6.0
• dependabot/github_actions/actions/upload-artifact-4.6.1
• dependabot/github_actions/actions/upload-artifact-4.6.2
• dependabot/github_actions/actions/upload-artifact-5.0.0
• dependabot/github_actions/amannn/action-semantic-pull-request-6.1.0
• dependabot/github_actions/amannn/action-semantic-pull-request-6.1.1
• dependabot/github_actions/github/codeql-action-3.27.7
• dependabot/github_actions/github/codeql-action-3.27.9
• dependabot/github_actions/github/codeql-action-3.28.0
• dependabot/github_actions/github/codeql-action-3.28.1
• dependabot/github_actions/github/codeql-action-3.28.10
• dependabot/github_actions/github/codeql-action-3.28.11
• dependabot/github_actions/github/codeql-action-3.28.12
• dependabot/github_actions/github/codeql-action-3.28.13
• dependabot/github_actions/github/codeql-action-3.28.14
• dependabot/github_actions/github/codeql-action-3.28.15
• dependabot/github_actions/github/codeql-action-3.28.16
• dependabot/github_actions/github/codeql-action-3.28.17
• dependabot/github_actions/github/codeql-action-3.28.18
• dependabot/github_actions/github/codeql-action-3.28.19
• dependabot/github_actions/github/codeql-action-3.28.2
• dependabot/github_actions/github/codeql-action-3.28.3
• dependabot/github_actions/github/codeql-action-3.28.4
• dependabot/github_actions/github/codeql-action-3.28.5
• dependabot/github_actions/github/codeql-action-3.28.6
• dependabot/github_actions/github/codeql-action-3.28.8
• dependabot/github_actions/github/codeql-action-3.28.9
• dependabot/github_actions/github/codeql-action-3.29.0
• dependabot/github_actions/github/codeql-action-3.29.1
• dependabot/github_actions/github/codeql-action-3.29.11
• dependabot/github_actions/github/codeql-action-3.29.2
• dependabot/github_actions/github/codeql-action-3.29.3
• dependabot/github_actions/github/codeql-action-3.29.4
• dependabot/github_actions/github/codeql-action-3.29.5
• dependabot/github_actions/github/codeql-action-3.29.8
• dependabot/github_actions/github/codeql-action-3.29.9
• dependabot/github_actions/github/codeql-action-3.30.0
• dependabot/github_actions/github/codeql-action-3.30.1
• dependabot/github_actions/github/codeql-action-3.30.2
• dependabot/github_actions/github/codeql-action-3.30.3
• dependabot/github_actions/github/codeql-action-3.30.4
• dependabot/github_actions/github/codeql-action-3.30.5
• dependabot/github_actions/github/codeql-action-3.30.6
• dependabot/github_actions/github/codeql-action-4.30.7
• dependabot/github_actions/github/codeql-action-4.30.8
• dependabot/github_actions/github/codeql-action-4.31.0
• dependabot/github_actions/github/codeql-action-4.31.1
• dependabot/github_actions/github/codeql-action-4.31.2
• dependabot/github_actions/github/codeql-action-4.31.3
• dependabot/github_actions/golangci/golangci-lint-action-6.2.0
• dependabot/github_actions/golangci/golangci-lint-action-6.3.0
• dependabot/github_actions/golangci/golangci-lint-action-6.3.1
• dependabot/github_actions/golangci/golangci-lint-action-6.4.0
• dependabot/github_actions/golangci/golangci-lint-action-6.5.0
• dependabot/github_actions/golangci/golangci-lint-action-6.5.1
• dependabot/github_actions/golangci/golangci-lint-action-6.5.2
• dependabot/github_actions/golangci/golangci-lint-action-8.0.0
• dependabot/github_actions/golangci/golangci-lint-action-9.0.0
• dependabot/github_actions/marocchino/sticky-pull-request-comment-2.9.1
• dependabot/github_actions/marocchino/sticky-pull-request-comment-2.9.2
• dependabot/github_actions/marocchino/sticky-pull-request-comment-2.9.3
• dependabot/github_actions/marocchino/sticky-pull-request-comment-2.9.4
• dependabot/github_actions/ossf/scorecard-action-2.4.1
• dependabot/github_actions/ossf/scorecard-action-2.4.3
• dependabot/github_actions/shogo82148/actions-goveralls-1.10.0
• dependabot/github_actions/shogo82148/actions-goveralls-1.9.1
• dependabot/go_modules/github.com/andybalholm/brotli-1.2.0
• dependabot/go_modules/github.com/klauspost/compress-1.18.0
• dependabot/go_modules/github.com/klauspost/compress-1.18.1
• dependabot/go_modules/github.com/klauspost/compress-1.18.2
• dependabot/go_modules/github.com/pierrec/lz4/v4-4.1.22
• dependabot/go_modules/github.com/pierrec/lz4/v4-4.1.23
• dependabot/go_modules/github.com/spf13/afero-1.12.0
• dependabot/go_modules/github.com/spf13/afero-1.15.0
• dependabot/go_modules/github.com/stretchr/testify-1.11.1
• dependabot/go_modules/github.com/ulikunitz/xz-0.5.14
• dependabot/go_modules/github.com/ulikunitz/xz-0.5.15
• dependabot/go_modules/golang.org/x/sync-0.10.0
• dependabot/go_modules/golang.org/x/sync-0.11.0
• dependabot/go_modules/golang.org/x/sync-0.15.0
• dependabot/go_modules/golang.org/x/sync-0.16.0
• dependabot/go_modules/golang.org/x/sync-0.17.0
• dependabot/go_modules/golang.org/x/text-0.21.0
• dependabot/go_modules/golang.org/x/text-0.22.0
• dependabot/go_modules/golang.org/x/text-0.26.0
• dependabot/go_modules/golang.org/x/text-0.27.0
• dependabot/go_modules/golang.org/x/text-0.28.0
• dependabot/go_modules/golang.org/x/text-0.29.0
• dependabot/go_modules/golang.org/x/text-0.30.0
• dependabot/go_modules/golang.org/x/text-0.31.0
• dependabot/go_modules/golang.org/x/text-0.32.0
• fix/lzma2-shift
• fix/oom-check
• issue329
• issue400
• issue457
• main
• master
• multi
• ppmd
• refs/tags/v1.2.0
• refs/tags/v1.2.1
• refs/tags/v1.2.2
• refs/tags/v1.3.0
• refs/tags/v1.4.0
• refs/tags/v1.4.1
• refs/tags/v1.4.2
• refs/tags/v1.4.3
• release-please--branches--main
• renovate/actions-checkout-5.x
• renovate/actions-checkout-6.x
• renovate/commitizen-tools-commitizen-3.x
• renovate/commitizen-tools-commitizen-4.x
• renovate/configure
• renovate/github-codeql-action-4.x
• renovate/github.com-andybalholm-brotli-1.x
• renovate/github.com-klauspost-compress-1.x
• renovate/github.com-pierrec-lz4-v4-4.x
• renovate/github.com-spf13-afero-1.x
• renovate/github.com-stangelandcl-ppmd-0.x
• renovate/gitleaks-gitleaks-8.x
• renovate/go4.org-digest
• renovate/golang.org-x-sync-0.x
• renovate/golang.org-x-text-0.x
• renovate/golangci-golangci-lint-2.x
• renovate/major-github-artifact-actions
• renovate/marocchino-sticky-pull-request-comment-3.x
• renovate/pre-commit-pre-commit-hooks-4.x
• renovate/pre-commit-pre-commit-hooks-6.x
• v1.0.0
• v1.1.0
• workflows

Build # 25081571569

Build Type

Pull #402

github

Committed by bodgit

Commit Message

fix: Prevent panics discovered by fuzzing

A number of `uint64` values read from the file are used for sizing
slices however really large values will induce a panic which can happen
when fuzzing.

For now, check these values are no greater than `math.MaxUint32` which
is safely within the Golang limit for slices and probably large enough.

Some values also should be greater than zero so add an additional check
for that where necessary.

Pull Request Pull Request #402: fix: Prevent panics discovered by fuzzing

Coverage Stats

38 of 62 new or added lines in 1 file covered. (61.29%)

1818 of 2430 relevant lines covered (74.81%)

0.84 hits per line