Handling of out-of-bound access in a cluster

veloman-yunkan · veloman-yunkan · commit dcb7202ee6e1 · 2026-01-10T21:38:07.000+04:00
The test ZIM file
invalid.too_small_offset_of_first_blob_in_cluster_4.zim which simulated
a corrupted cluster header leading to a cluster with no blobs in it (a
case which was decriminalized by the previous commit) now caught a
situation where a crash could occur because of an out-of-bound access in
a cluster (this can happen due to invalid data in either a cluster
header or a dirent).

Cluster::getBlobOffset() must be checked at runtime too!
diff --git a/src/cluster.cpp b/src/cluster.cpp
@@ -137,14 +137,25 @@ getClusterReader(const Reader& zimReader, offset_t offset, Cluster::Compression*
     }
   }
 
-  zsize_t Cluster::getBlobSize(blob_index_t n) const
+  void Cluster::checkBlobIndex(blob_index_t n) const
   {
       if (blob_index_type(n)+1 >= m_blobOffsets.size()) {
         throw ZimFileFormatError("blob index out of range");
       }
+  }
+
+  zsize_t Cluster::getBlobSize(blob_index_t n) const
+  {
+      checkBlobIndex(n);
       return zsize_t(m_blobOffsets[blob_index_type(n)+1].v - m_blobOffsets[blob_index_type(n)].v);
   }
 
+  offset_t Cluster::getBlobOffset(blob_index_t n) const
+  {
+      checkBlobIndex(n);
+      return offset_t(1) + m_blobOffsets[blob_index_type(n)];
+  }
+
   const Reader& Cluster::getReader(blob_index_t n) const
   {
     std::lock_guard<std::mutex> lock(m_readerAccessMutex);
diff --git a/src/cluster.h b/src/cluster.h
@@ -76,6 +76,8 @@ namespace zim
       void read_header(size_t maxBlobCount);
       const Reader& getReader(blob_index_t n) const;
 
+      void checkBlobIndex(blob_index_t n) const;
+
     public:
       Cluster(std::unique_ptr<IStreamReader> reader, Compression comp, bool isExtended, size_t maxBlobCount);
       ~Cluster();
@@ -86,7 +88,8 @@ namespace zim
 
       zsize_t getBlobSize(blob_index_t n) const;
 
-      offset_t getBlobOffset(blob_index_t n) const { return offset_t(1) + m_blobOffsets[blob_index_type(n)]; }
+      offset_t getBlobOffset(blob_index_t n) const;
+
       Blob getBlob(blob_index_t n) const;
       Blob getBlob(blob_index_t n, offset_t offset, zsize_t size) const;
 
diff --git a/test/archive.cpp b/test/archive.cpp
@@ -798,7 +798,7 @@ TEST_F(ZimArchive, validate)
 
   TEST_BROKEN_ZIM_NAME(
     "invalid.too_small_offset_of_first_blob_in_cluster_4.zim",
-     "Error parsing cluster. Offset of the first blob is too small.\n"
+     "blob index out of range\n"
   )
 
   TEST_BROKEN_ZIM_NAME(

Original file line number	Diff line number	Diff line change
`@@ -137,14 +137,25 @@ getClusterReader(const Reader& zimReader, offset_t offset, Cluster::Compression*`
`137`	`137`	`}`
`138`	`138`	`}`
`139`	`139`
`140`		`- zsize_t Cluster::getBlobSize(blob_index_t n) const`
	`140`	`+ void Cluster::checkBlobIndex(blob_index_t n) const`
`141`	`141`	`{`
`142`	`142`	`if (blob_index_type(n)+1 >= m_blobOffsets.size()) {`
`143`	`143`	`throw ZimFileFormatError("blob index out of range");`
`144`	`144`	`}`
	`145`	`+ }`
	`146`	`+`
	`147`	`+ zsize_t Cluster::getBlobSize(blob_index_t n) const`
	`148`	`+ {`
	`149`	`+ checkBlobIndex(n);`
`145`	`150`	`return zsize_t(m_blobOffsets[blob_index_type(n)+1].v - m_blobOffsets[blob_index_type(n)].v);`
`146`	`151`	`}`
`147`	`152`
	`153`	`+ offset_t Cluster::getBlobOffset(blob_index_t n) const`
	`154`	`+ {`
	`155`	`+ checkBlobIndex(n);`
	`156`	`+ return offset_t(1) + m_blobOffsets[blob_index_type(n)];`
	`157`	`+ }`
	`158`	`+`
`148`	`159`	`const Reader& Cluster::getReader(blob_index_t n) const`
`149`	`160`	`{`
`150`	`161`	`std::lock_guard<std::mutex> lock(m_readerAccessMutex);`
Original file line number	Diff line number	Diff line change
`@@ -798,7 +798,7 @@ TEST_F(ZimArchive, validate)`
`798`	`798`
`799`	`799`	`TEST_BROKEN_ZIM_NAME(`
`800`	`800`	`"invalid.too_small_offset_of_first_blob_in_cluster_4.zim",`
`801`		`- "Error parsing cluster. Offset of the first blob is too small.\n"`
	`801`	`+ "blob index out of range\n"`
`802`	`802`	`)`
`803`	`803`
`804`	`804`	`TEST_BROKEN_ZIM_NAME(`